[ 122.747107][ T40] audit: type=1400 audit(1595093569.183:41): avc: denied { map } for pid=8975 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:64641' (ECDSA) to the list of known hosts. [ 126.562545][ T40] audit: type=1400 audit(1595093573.003:42): avc: denied { map } for pid=8987 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/18 17:32:53 fuzzer started 2020/07/18 17:32:54 dialing manager at 10.0.2.10:45655 [ 128.225327][ T40] audit: type=1400 audit(1595093574.663:43): avc: denied { integrity } for pid=9004 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 2020/07/18 17:32:54 syscalls: 3205 2020/07/18 17:32:54 code coverage: enabled 2020/07/18 17:32:54 comparison tracing: enabled 2020/07/18 17:32:54 extra coverage: enabled 2020/07/18 17:32:54 setuid sandbox: enabled 2020/07/18 17:32:54 namespace sandbox: enabled 2020/07/18 17:32:54 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/18 17:32:54 fault injection: enabled 2020/07/18 17:32:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/18 17:32:54 net packet injection: enabled 2020/07/18 17:32:54 net device setup: enabled 2020/07/18 17:32:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/18 17:32:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/18 17:32:54 USB emulation: enabled 17:33:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x1, [{0x0, 0x0}]}) [ 180.454552][ T40] audit: type=1400 audit(1595093626.893:44): avc: denied { map } for pid=9007 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=24596 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 17:33:47 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x200408c4) [ 181.207229][ T9008] IPVS: ftp: loaded support on port[0] = 21 17:33:47 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083314, 0x0) [ 181.483399][ T9010] IPVS: ftp: loaded support on port[0] = 21 17:33:48 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) [ 181.968188][ T9008] chnl_net:caif_netlink_parms(): no params data found [ 182.024525][ T9012] IPVS: ftp: loaded support on port[0] = 21 [ 182.202103][ T9010] chnl_net:caif_netlink_parms(): no params data found [ 182.431869][ T9008] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.489895][ T9008] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.564163][ T9008] device bridge_slave_0 entered promiscuous mode [ 182.634335][ T9008] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.680348][ T9008] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.722555][ T9008] device bridge_slave_1 entered promiscuous mode [ 182.827948][ T9010] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.864334][ T9010] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.902452][ T9010] device bridge_slave_0 entered promiscuous mode [ 182.948608][ T9008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.996259][ T9010] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.031623][ T9010] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.067088][ T9010] device bridge_slave_1 entered promiscuous mode [ 183.131050][ T9008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.132315][ T9018] IPVS: ftp: loaded support on port[0] = 21 [ 183.227080][ T9010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.284699][ T9010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.337216][ T9008] team0: Port device team_slave_0 added [ 183.375269][ T9008] team0: Port device team_slave_1 added [ 183.430171][ T9010] team0: Port device team_slave_0 added [ 183.471231][ T9008] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.499403][ T9008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.602019][ T9008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.679333][ T9008] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.731053][ T9008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.928074][ T9008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.027493][ T9010] team0: Port device team_slave_1 added [ 184.086272][ T9012] chnl_net:caif_netlink_parms(): no params data found [ 184.213505][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.262929][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.412383][ T9010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.505135][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.540029][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.681394][ T9010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.784999][ T9008] device hsr_slave_0 entered promiscuous mode [ 184.862302][ T9008] device hsr_slave_1 entered promiscuous mode [ 184.994900][ T9012] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.021406][ T9012] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.054906][ T9012] device bridge_slave_0 entered promiscuous mode [ 185.091118][ T9012] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.121008][ T9012] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.155270][ T9012] device bridge_slave_1 entered promiscuous mode [ 185.233274][ T9010] device hsr_slave_0 entered promiscuous mode [ 185.299325][ T9010] device hsr_slave_1 entered promiscuous mode [ 185.369210][ T9010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 185.402291][ T9010] Cannot create hsr debugfs directory [ 185.511779][ T9012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.559540][ T9012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.609109][ T9012] team0: Port device team_slave_0 added [ 185.633036][ T9012] team0: Port device team_slave_1 added [ 185.699724][ T9012] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.722362][ T9012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.789560][ T9012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.825093][ T9012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.841203][ T9012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.916115][ T9012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.012297][ T9018] chnl_net:caif_netlink_parms(): no params data found [ 186.133775][ T9012] device hsr_slave_0 entered promiscuous mode [ 186.199392][ T9012] device hsr_slave_1 entered promiscuous mode [ 186.259380][ T9012] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.282674][ T9012] Cannot create hsr debugfs directory [ 186.418222][ T40] audit: type=1400 audit(1595093632.853:45): avc: denied { create } for pid=9008 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 186.463720][ T9008] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 186.506661][ T40] audit: type=1400 audit(1595093632.863:46): avc: denied { write } for pid=9008 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 186.612268][ T40] audit: type=1400 audit(1595093632.863:47): avc: denied { read } for pid=9008 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 186.742793][ T9008] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 186.865630][ T9018] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.884837][ T9018] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.903535][ T9018] device bridge_slave_0 entered promiscuous mode [ 186.927274][ T9008] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 187.005165][ T9008] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 187.090918][ T9018] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.112959][ T9018] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.138364][ T9018] device bridge_slave_1 entered promiscuous mode [ 187.226361][ T9018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.256443][ T9018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.296288][ T9010] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 187.386670][ T9010] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 187.486707][ T9010] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 187.595334][ T9010] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 187.715566][ T9018] team0: Port device team_slave_0 added [ 187.734591][ T9018] team0: Port device team_slave_1 added [ 187.766602][ T9018] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.796611][ T9018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.880602][ T9018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.910411][ T9018] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.927227][ T9018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.996275][ T9018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.076970][ T9012] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 188.156653][ T9012] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 188.292945][ T9018] device hsr_slave_0 entered promiscuous mode [ 188.379596][ T9018] device hsr_slave_1 entered promiscuous mode [ 188.449058][ T9018] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 188.475162][ T9018] Cannot create hsr debugfs directory [ 188.509036][ T9012] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 188.592885][ T9012] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 188.814461][ T9018] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 188.881471][ T9018] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 188.975575][ T9018] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 189.051570][ T9018] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 189.152107][ T9008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.212724][ T9008] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.230917][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.251242][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.282284][ T9010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.297082][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.322224][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.346589][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.365274][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.406919][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.422914][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.442883][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.467840][ T3132] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.485708][ T3132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.535519][ T9012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.557062][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.576750][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.592828][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.629684][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.650538][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.671490][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.690156][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.708075][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.727044][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.745479][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.766721][ T9010] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.783819][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.812817][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.851227][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.867534][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.882458][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.899166][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.919883][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.936859][ T2860] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.951841][ T2860] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.970360][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.994315][ T9008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.018571][ T9012] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.045997][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.066102][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.083097][ T9024] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.099781][ T9024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.121855][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.165369][ T9018] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.181778][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.202970][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.223886][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.246089][ T2860] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.262249][ T2860] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.280224][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.307070][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.326227][ T78] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.354806][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.391271][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.423932][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.452779][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 190.475862][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 190.502754][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.531411][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.561857][ T3861] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.584661][ T3861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.611520][ T9008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.648513][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.677382][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.696082][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.715770][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.744625][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.778624][ T9018] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.817389][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.843743][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.871564][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.895333][ T3132] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.915333][ T3132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.932135][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.950289][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.968155][ T3132] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.984584][ T3132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.005265][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.046055][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.066708][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.095327][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 191.117929][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 191.140467][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.161648][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.183994][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.201002][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.222722][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.245072][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.283518][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.300836][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.316493][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.332753][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.353068][ T9008] device veth0_vlan entered promiscuous mode [ 191.383125][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 191.402365][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 191.416855][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.433087][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.452829][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.471267][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.494571][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.520831][ T9018] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 191.554499][ T9018] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.593695][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 191.612081][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 191.628287][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.647425][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.663609][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.682388][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.704885][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.733149][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.768573][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.791223][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.816837][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.853170][ T9010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.895989][ T9008] device veth1_vlan entered promiscuous mode [ 191.920105][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 191.943258][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 191.969876][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.990020][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 192.015273][ T9018] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.047716][ T9012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.070993][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 192.090545][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 192.110353][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 192.128458][ T3861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 192.171609][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 192.196039][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 192.231951][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.251497][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.275323][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 192.297652][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 192.318374][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.334459][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.362401][ T9010] device veth0_vlan entered promiscuous mode [ 192.404470][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 192.426636][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 192.464362][ T9008] device veth0_macvtap entered promiscuous mode [ 192.481311][ T9012] device veth0_vlan entered promiscuous mode [ 192.500460][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 192.522022][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.537869][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.554047][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.571630][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.593286][ T9010] device veth1_vlan entered promiscuous mode [ 192.619868][ T9008] device veth1_macvtap entered promiscuous mode [ 192.646347][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 192.669505][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.685680][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.706836][ T9018] device veth0_vlan entered promiscuous mode [ 192.727486][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.747199][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.782680][ T9012] device veth1_vlan entered promiscuous mode [ 192.810962][ T9018] device veth1_vlan entered promiscuous mode [ 192.836363][ T9008] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.863680][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 192.887227][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 192.905609][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 192.925311][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 192.944521][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 192.974727][ T9008] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.996456][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 193.017833][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 193.037812][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 193.065643][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.084478][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.128452][ T9010] device veth0_macvtap entered promiscuous mode [ 193.254085][ T9010] device veth1_macvtap entered promiscuous mode [ 193.268149][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 193.291380][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 193.309835][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.324542][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.340695][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.357527][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.450663][ T9012] device veth0_macvtap entered promiscuous mode [ 193.472404][ T9018] device veth0_macvtap entered promiscuous mode [ 193.544265][ T40] audit: type=1400 audit(1595093639.983:48): avc: denied { associate } for pid=9008 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 193.555984][ T9012] device veth1_macvtap entered promiscuous mode [ 193.632519][ T9018] device veth1_macvtap entered promiscuous mode [ 193.662185][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 193.685036][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.706994][ T9010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.733610][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 193.755456][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.774953][ T9010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.793751][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.807792][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 193.826056][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 193.847740][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 193.875880][ T9008] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 193.930573][ T9018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 193.991593][ T9018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.037792][ T9018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.091802][ T9018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.157851][ T9018] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.209899][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.266502][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.316875][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.353234][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.380233][ T36] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 194.397446][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.487572][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.522838][ T9012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.633514][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 194.666117][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.697290][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 194.733443][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.782046][ T9018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.846855][ T9018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.885157][ T9018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.890085][ T36] usb 5-1: No LPM exit latency info found, disabling LPM. [ 194.919425][ T9018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.921049][ T9018] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.047586][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.080650][ T9024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.125609][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.130831][ T36] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 195.167075][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.265805][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.308543][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.341990][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.384839][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.424536][ T9012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.489398][ T36] usb 5-1: string descriptor 0 read error: -22 [ 195.507451][ T36] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 195.534629][ T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.624778][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.626073][ T36] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 195.656096][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.822536][ T36] usb 5-1: USB disconnect, device number 2 [ 195.853574][ T40] audit: type=1400 audit(1595093642.293:49): avc: denied { open } for pid=9043 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 195.915949][ T40] audit: type=1400 audit(1595093642.293:50): avc: denied { perfmon } for pid=9043 comm="syz-executor.1" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 195.991363][ T40] audit: type=1400 audit(1595093642.293:51): avc: denied { kernel } for pid=9043 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 196.046790][ T40] audit: type=1400 audit(1595093642.293:52): avc: denied { confidentiality } for pid=9043 comm="syz-executor.1" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 17:34:02 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000028000535d25a80648c63940d0d24fc60100003400a600200053582c137153e370400018003001700d1bd", 0x33fe0}], 0x1}, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x4}, 0x20) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) 17:34:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x1, [{0x0, 0x0}]}) [ 196.392702][ T40] audit: type=1400 audit(1595093642.833:53): avc: denied { prog_load } for pid=9051 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 196.400113][ T9052] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 17:34:02 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083314, 0x0) 17:34:02 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) 17:34:03 executing program 2: perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000140)=@l2tp6={0xa, 0x0, 0x0, @remote, 0x1}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000240)="94", 0x1}], 0x1}, 0x0) 17:34:03 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) [ 196.587274][ T9057] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 17:34:03 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) 17:34:03 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0xc0045006, 0x73f000) 17:34:03 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0xc0045006, 0x73f000) [ 196.779114][ T3230] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 197.170523][ T3230] usb 5-1: No LPM exit latency info found, disabling LPM. [ 197.291284][ T3230] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 197.609392][ T3230] usb 5-1: string descriptor 0 read error: -22 [ 197.641736][ T3230] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 197.686972][ T3230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.772910][ T3230] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 197.981852][ T3230] usb 5-1: USB disconnect, device number 3 17:34:04 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:04 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0xc0045006, 0x73f000) 17:34:04 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:04 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x400454ca, &(0x7f0000000040)) 17:34:04 executing program 3: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) 17:34:04 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x400454ca, &(0x7f0000000040)) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) 17:34:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0xc0045006, 0x73f000) 17:34:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x4) sendmmsg$inet6(r0, &(0x7f0000000540)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@hoplimit_2292={{0x14}}], 0x18}}], 0x1, 0x0) 17:34:05 executing program 1: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045006, 0x73f000) 17:34:05 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0xc0045006, 0x73f000) 17:34:05 executing program 1: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045006, 0x73f000) 17:34:05 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x4) sendmmsg$inet6(r0, &(0x7f0000000540)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@hoplimit_2292={{0x14}}], 0x18}}], 0x1, 0x0) 17:34:05 executing program 0: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045010, 0x0) 17:34:05 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0xc0045006, 0x73f000) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 0: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045010, 0x0) 17:34:05 executing program 1: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045006, 0x73f000) 17:34:05 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0xc0045006, 0x73f000) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 0: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045010, 0x0) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045006, 0x73f000) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 1: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045006, 0x73f000) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 1: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045006, 0x73f000) 17:34:05 executing program 2: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045002, 0x73f000) 17:34:05 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5016, 0x0) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 2: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045002, 0x73f000) 17:34:05 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5016, 0x0) 17:34:05 executing program 1: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045006, 0x73f000) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5016, 0x0) 17:34:05 executing program 2: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045002, 0x73f000) 17:34:05 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045010, 0x0) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x80045002, 0x73f000) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 0: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045010, 0x0) 17:34:05 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 2: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045002, 0x73f000) 17:34:05 executing program 0: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045010, 0x0) 17:34:05 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:05 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5016, 0x0) 17:34:05 executing program 2: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045002, 0x73f000) 17:34:05 executing program 0: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045010, 0x0) 17:34:05 executing program 1: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:05 executing program 2: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x80045002, 0x73f000) 17:34:05 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5016, 0x0) 17:34:05 executing program 1: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:05 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:05 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000000)) 17:34:06 executing program 1: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:06 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5016, 0x0) 17:34:06 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) [ 199.531926][ T40] audit: type=1400 audit(1595093645.973:54): avc: denied { map } for pid=9292 comm="syz-executor.0" path="/dev/fb0" dev="devtmpfs" ino=958 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:framebuf_device_t:s0 tclass=chr_file permissive=1 17:34:06 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5016, 0x0) 17:34:06 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:06 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb904021d65ef0b007c05e87c55a1bc000900b8000699030000000500054002008178a800050069000100e558f03003ac020000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 17:34:06 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:06 executing program 3: syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="050f050008"]}) 17:34:06 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:06 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:06 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) 17:34:06 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:06 executing program 1: openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:06 executing program 1: openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:06 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 199.959006][ T36] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 200.210143][ T36] usb 8-1: Using ep0 maxpacket: 8 [ 200.449122][ T36] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 200.659118][ T36] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 200.685238][ T36] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.703045][ T36] usb 8-1: Product: syz [ 200.711120][ T36] usb 8-1: Manufacturer: syz [ 200.720716][ T36] usb 8-1: SerialNumber: syz [ 200.770530][ T36] cdc_ether: probe of 8-1:1.0 failed with error -22 [ 200.974746][ T3132] usb 8-1: USB disconnect, device number 2 [ 201.758959][ T3132] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 202.008952][ T3132] usb 8-1: Using ep0 maxpacket: 8 [ 202.220034][ T3132] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 202.429145][ T3132] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 202.454669][ T3132] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.484860][ T3132] usb 8-1: Product: syz [ 202.504653][ T3132] usb 8-1: Manufacturer: syz [ 202.523720][ T3132] usb 8-1: SerialNumber: syz [ 202.580083][ T3132] cdc_ether: probe of 8-1:1.0 failed with error -22 17:34:09 executing program 1: openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000000)={0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:09 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, 0xffffffffffffffff, 0x0) 17:34:09 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x8004500f, 0x73f000) 17:34:09 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) [ 202.675980][ T36] usb 8-1: USB disconnect, device number 3 17:34:09 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 17:34:09 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, 0xffffffffffffffff, 0x0) 17:34:09 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x8004500f, 0x73f000) 17:34:09 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 17:34:09 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 17:34:09 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x8004500f, 0x73f000) 17:34:09 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:09 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) 17:34:09 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300}) 17:34:09 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x8004500f, 0x73f000) 17:34:09 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)) 17:34:09 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:09 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x8004500f, 0x73f000) 17:34:09 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) 17:34:09 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) 17:34:09 executing program 3: ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x8004500f, 0x73f000) 17:34:09 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0xffffffffffffffff, 0x0, 0x10, r0, 0x0) [ 203.038477][ T9389] ================================================================== [ 203.038788][ T9389] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 203.038788][ T9389] Write of size 8 at addr ffffc90009901000 by task syz-executor.1/9389 [ 203.038788][ T9389] [ 203.038788][ T9389] CPU: 0 PID: 9389 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 203.038788][ T9389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 203.038788][ T9389] Call Trace: [ 203.038788][ T9389] dump_stack+0x18f/0x20d [ 203.038788][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.038788][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.038788][ T9389] print_address_description.constprop.0.cold+0x5/0x436 [ 203.038788][ T9389] ? trace_hardirqs_off+0x27/0x210 [ 203.038788][ T9389] ? vprintk_func+0x97/0x1a6 [ 203.041676][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.041677][ T9389] kasan_report.cold+0x1f/0x37 [ 203.041677][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.041677][ T9389] bitfill_aligned+0x34a/0x400 [ 203.041677][ T9389] sys_fillrect+0x408/0x7a0 [ 203.041677][ T9389] ? sys_fillrect+0x7a0/0x7a0 [ 203.041677][ T9389] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 203.041677][ T9389] bit_clear_margins+0x2d5/0x4a0 [ 203.041677][ T9389] ? bit_bmove+0x210/0x210 [ 203.041677][ T9389] ? finish_task_switch+0x147/0x750 [ 203.041677][ T9389] ? fb_get_color_depth+0x11a/0x240 [ 203.041677][ T9389] fbcon_clear_margins+0x1d5/0x230 [ 203.041677][ T9389] fbcon_switch+0xb6e/0x16c0 [ 203.041677][ T9389] ? fbcon_scroll+0x3600/0x3600 [ 203.041677][ T9389] ? set_origin+0x1f/0x3e0 [ 203.041677][ T9389] ? is_console_locked+0x5/0x10 [ 203.041677][ T9389] ? fbcon_set_origin+0x26/0x50 [ 203.041677][ T9389] redraw_screen+0x2ae/0x770 [ 203.041677][ T9389] ? vc_init+0x440/0x440 [ 203.041677][ T9389] ? fbcon_set_palette+0x3a8/0x490 [ 203.041677][ T9389] fbcon_modechanged+0x575/0x710 [ 203.041677][ T9389] fbcon_update_vcs+0x3a/0x50 [ 203.041677][ T9389] fb_set_var+0xae8/0xd60 [ 203.041677][ T9389] ? fb_blank+0x190/0x190 [ 203.041677][ T9389] ? lock_release+0x8d0/0x8d0 [ 203.041677][ T9389] ? lock_is_held_type+0xb0/0xe0 [ 203.041677][ T9389] ? do_fb_ioctl+0x2f2/0x6c0 [ 203.041677][ T9389] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 203.041677][ T9389] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 203.041677][ T9389] ? trace_hardirqs_on+0x5f/0x220 [ 203.041677][ T9389] do_fb_ioctl+0x33f/0x6c0 [ 203.041677][ T9389] ? fb_set_suspend+0x1a0/0x1a0 [ 203.041677][ T9389] ? tomoyo_execute_permission+0x470/0x470 [ 203.041677][ T9389] ? lock_is_held_type+0xb0/0xe0 [ 203.041677][ T9389] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 203.041677][ T9389] ? do_vfs_ioctl+0x27d/0x1090 [ 203.041677][ T9389] ? __fget_files+0x294/0x400 [ 203.041677][ T9389] fb_ioctl+0xdd/0x130 [ 203.041677][ T9389] ? do_fb_ioctl+0x6c0/0x6c0 [ 203.041677][ T9389] ksys_ioctl+0x11a/0x180 [ 203.041677][ T9389] __x64_sys_ioctl+0x6f/0xb0 [ 203.041677][ T9389] ? lockdep_hardirqs_on+0x6a/0xe0 [ 203.041677][ T9389] do_syscall_64+0x60/0xe0 [ 203.041677][ T9389] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 203.041677][ T9389] RIP: 0033:0x45c049 [ 203.041677][ T9389] Code: Bad RIP value. [ 203.041677][ T9389] RSP: 002b:00007fb7b268ec88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.041677][ T9389] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 203.041677][ T9389] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 203.041677][ T9389] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 203.041677][ T9389] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 203.041677][ T9389] R13: 00007ffdeaf1061f R14: 00007fb7b266f000 R15: 0000000000000003 [ 203.041677][ T9389] [ 203.041677][ T9389] [ 203.041677][ T9389] Memory state around the buggy address: [ 203.041677][ T9389] ffffc90009900f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 203.041677][ T9389] ffffc90009900f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 203.041677][ T9389] >ffffc90009901000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 203.041677][ T9389] ^ [ 203.041677][ T9389] ffffc90009901080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 203.041677][ T9389] ffffc90009901100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 203.041677][ T9389] ================================================================== [ 203.041677][ T9389] Disabling lock debugging due to kernel taint [ 203.084375][ T9389] Kernel panic - not syncing: panic_on_warn set ... [ 203.084388][ T9389] CPU: 2 PID: 9389 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 203.084395][ T9389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 203.084418][ T9389] Call Trace: [ 203.084524][ T9389] dump_stack+0x18f/0x20d [ 203.084537][ T9389] ? bitfill_aligned+0x290/0x400 [ 203.084744][ T9389] panic+0x2e3/0x75c [ 203.084754][ T9389] ? __warn_printk+0xf3/0xf3 [ 203.084768][ T9389] ? preempt_schedule_common+0x59/0xc0 [ 203.084777][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.084876][ T9389] ? preempt_schedule_thunk+0x16/0x18 [ 203.084886][ T9389] ? trace_hardirqs_on+0x55/0x220 [ 203.084895][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.084904][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.084914][ T9389] end_report+0x4d/0x53 [ 203.084922][ T9389] kasan_report.cold+0xd/0x37 [ 203.084931][ T9389] ? bitfill_aligned+0x34a/0x400 [ 203.084939][ T9389] bitfill_aligned+0x34a/0x400 [ 203.084948][ T9389] sys_fillrect+0x408/0x7a0 [ 203.084956][ T9389] ? sys_fillrect+0x7a0/0x7a0 [ 203.084968][ T9389] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 203.084977][ T9389] bit_clear_margins+0x2d5/0x4a0 [ 203.084985][ T9389] ? bit_bmove+0x210/0x210 [ 203.084994][ T9389] ? finish_task_switch+0x147/0x750 [ 203.085003][ T9389] ? fb_get_color_depth+0x11a/0x240 [ 203.085011][ T9389] fbcon_clear_margins+0x1d5/0x230 [ 203.085019][ T9389] fbcon_switch+0xb6e/0x16c0 [ 203.085029][ T9389] ? fbcon_scroll+0x3600/0x3600 [ 203.085043][ T9389] ? set_origin+0x1f/0x3e0 [ 203.085053][ T9389] ? is_console_locked+0x5/0x10 [ 203.085060][ T9389] ? fbcon_set_origin+0x26/0x50 [ 203.085069][ T9389] redraw_screen+0x2ae/0x770 [ 203.085077][ T9389] ? vc_init+0x440/0x440 [ 203.085085][ T9389] ? fbcon_set_palette+0x3a8/0x490 [ 203.085093][ T9389] fbcon_modechanged+0x575/0x710 [ 203.085101][ T9389] fbcon_update_vcs+0x3a/0x50 [ 203.085109][ T9389] fb_set_var+0xae8/0xd60 [ 203.085118][ T9389] ? fb_blank+0x190/0x190 [ 203.085125][ T9389] ? lock_release+0x8d0/0x8d0 [ 203.085134][ T9389] ? lock_is_held_type+0xb0/0xe0 [ 203.085144][ T9389] ? do_fb_ioctl+0x2f2/0x6c0 [ 203.085155][ T9389] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 203.085163][ T9389] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 203.085170][ T9389] ? trace_hardirqs_on+0x5f/0x220 [ 203.085178][ T9389] do_fb_ioctl+0x33f/0x6c0 [ 203.085187][ T9389] ? fb_set_suspend+0x1a0/0x1a0 [ 203.085196][ T9389] ? tomoyo_execute_permission+0x470/0x470 [ 203.085205][ T9389] ? lock_is_held_type+0xb0/0xe0 [ 203.085216][ T9389] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 203.085224][ T9389] ? do_vfs_ioctl+0x27d/0x1090 [ 203.085236][ T9389] ? __fget_files+0x294/0x400 [ 203.085244][ T9389] fb_ioctl+0xdd/0x130 [ 203.085257][ T9389] ? do_fb_ioctl+0x6c0/0x6c0 [ 203.085264][ T9389] ksys_ioctl+0x11a/0x180 [ 203.085271][ T9389] __x64_sys_ioctl+0x6f/0xb0 [ 203.085278][ T9389] ? lockdep_hardirqs_on+0x6a/0xe0 [ 203.085286][ T9389] do_syscall_64+0x60/0xe0 [ 203.085295][ T9389] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 203.085330][ T9389] RIP: 0033:0x45c049 [ 203.085333][ T9389] Code: Bad RIP value. [ 203.085337][ T9389] RSP: 002b:00007fb7b268ec88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.085346][ T9389] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 203.085351][ T9389] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 203.085381][ T9389] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 203.085387][ T9389] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 203.085392][ T9389] R13: 00007ffdeaf1061f R14: 00007fb7b266f000 R15: 0000000000000003 [ 203.088747][ T9389] Kernel Offset: disabled [ 203.088747][ T9389] Rebooting in 86400 seconds..