[ ok ] Starting file context maintaining daemon: restorecond. [ 38.773379] audit: type=1800 audit(1555959025.042:33): pid=7091 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 38.802561] audit: type=1800 audit(1555959025.042:34): pid=7091 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.774775] random: sshd: uninitialized urandom read (32 bytes read) [ 42.123099] audit: type=1400 audit(1555959028.392:35): avc: denied { map } for pid=7265 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 42.176305] random: sshd: uninitialized urandom read (32 bytes read) [ 42.949367] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts. 
[ 49.965534] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/22 18:50:36 fuzzer started [ 50.162157] audit: type=1400 audit(1555959036.432:36): avc: denied { map } for pid=7274 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 51.994242] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/22 18:50:39 dialing manager at 10.128.0.105:46725 2019/04/22 18:50:39 syscalls: 2434 2019/04/22 18:50:39 code coverage: enabled 2019/04/22 18:50:39 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/22 18:50:39 extra coverage: extra coverage is not supported by the kernel 2019/04/22 18:50:39 setuid sandbox: enabled 2019/04/22 18:50:39 namespace sandbox: enabled 2019/04/22 18:50:39 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/22 18:50:39 fault injection: enabled 2019/04/22 18:50:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/22 18:50:39 net packet injection: enabled 2019/04/22 18:50:39 net device setup: enabled [ 54.474921] random: crng init done 18:52:44 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x72}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000002fe0)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) mremap(&(0x7f000090a000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) read(r0, &(0x7f0000000080)=""/100, 0x386) 18:52:44 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:44 executing program 1: r0 = socket(0x1e, 0x4, 0x0) 
recvmmsg(r0, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)=""/2, 0x2}], 0x1}}], 0x1, 0x10161, 0x0) 18:52:44 executing program 2: io_setup(0x9, &(0x7f0000000000)=0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) eventfd2(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0}]) 18:52:44 executing program 3: io_setup(0x9, &(0x7f0000000000)=0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) eventfd2(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 18:52:44 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r1 = perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000240)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc}, 0x10) fadvise64(r1, 0x0, 0x1, 0x3) sendmmsg(r0, &(0x7f0000000a40), 0x400000000000030, 0x0) [ 178.023956] audit: type=1400 audit(1555959164.292:37): avc: denied { map } for pid=7274 comm="syz-fuzzer" path="/root/syzkaller-shm123455030" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 178.065420] audit: type=1400 audit(1555959164.332:38): avc: denied { map } for pid=7291 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13806 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 178.840292] IPVS: ftp: loaded support on port[0] = 21 [ 179.185764] 
chnl_net:caif_netlink_parms(): no params data found [ 179.222902] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.229524] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.236930] device bridge_slave_0 entered promiscuous mode [ 179.242819] IPVS: ftp: loaded support on port[0] = 21 [ 179.250594] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.256999] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.264140] device bridge_slave_1 entered promiscuous mode [ 179.297138] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.311219] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.338508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.346171] team0: Port device team_slave_0 added [ 179.354712] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.362018] team0: Port device team_slave_1 added [ 179.373024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.380611] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.421266] IPVS: ftp: loaded support on port[0] = 21 [ 179.442574] device hsr_slave_0 entered promiscuous mode [ 179.480496] device hsr_slave_1 entered promiscuous mode [ 179.540859] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.555861] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.629300] chnl_net:caif_netlink_parms(): no params data found [ 179.640132] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.646700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.653920] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.660349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.744824] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.751933] IPVS: ftp: loaded support on port[0] = 21 [ 179.752155] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.764673] device bridge_slave_0 entered promiscuous mode [ 
179.793875] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.800496] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.807425] device bridge_slave_1 entered promiscuous mode [ 179.837707] chnl_net:caif_netlink_parms(): no params data found [ 179.856022] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.865901] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.917246] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.926771] team0: Port device team_slave_0 added [ 179.947779] IPVS: ftp: loaded support on port[0] = 21 [ 179.968940] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 179.975725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.982322] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.989607] team0: Port device team_slave_1 added [ 179.998451] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.012583] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.019013] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.026096] device bridge_slave_0 entered promiscuous mode [ 180.034405] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.040946] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.048381] device bridge_slave_1 entered promiscuous mode [ 180.074702] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.093843] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.115803] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 180.129736] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.193481] device hsr_slave_0 entered promiscuous mode [ 180.231063] device hsr_slave_1 entered promiscuous mode [ 180.315373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.325025] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.332262] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.339360] IPv6: 
ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 180.349013] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.356470] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 180.384214] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.393496] team0: Port device team_slave_0 added [ 180.405681] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 180.412764] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.431843] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.439100] team0: Port device team_slave_1 added [ 180.444452] chnl_net:caif_netlink_parms(): no params data found [ 180.454096] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.484637] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.492454] IPVS: ftp: loaded support on port[0] = 21 [ 180.497317] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.515239] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.572499] device hsr_slave_0 entered promiscuous mode [ 180.611312] device hsr_slave_1 entered promiscuous mode [ 180.654436] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.662017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.669955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.677680] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.684104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.742654] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 180.760799] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.802314] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.808703] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.816048] device bridge_slave_0 entered promiscuous mode [ 180.823235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.831841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 
180.839519] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.846284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.855861] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.880952] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.887462] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.894953] device bridge_slave_1 entered promiscuous mode [ 180.901477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.912362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.920302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.933323] chnl_net:caif_netlink_parms(): no params data found [ 180.976627] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.997357] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.007417] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.018931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.026848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.035199] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.043524] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.051194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.072807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.081305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.116170] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 181.131972] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.139251] team0: Port device team_slave_0 added [ 181.146055] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.153896] team0: Port device team_slave_1 added [ 181.171003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.178479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.188577] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_hsr: link is not ready [ 181.203895] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.211267] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.217626] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.226144] device bridge_slave_0 entered promiscuous mode [ 181.242676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.249520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.257376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.267469] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 181.274444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.296275] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.304004] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.311363] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.318382] device bridge_slave_1 entered promiscuous mode [ 181.344113] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.355175] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.388378] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 181.428003] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 181.472552] device hsr_slave_0 entered promiscuous mode [ 181.520500] device hsr_slave_1 entered promiscuous mode [ 181.561102] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 181.569059] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 181.576677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.584000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.591500] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.608278] team0: Port device team_slave_0 added [ 181.616224] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 181.625217] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.633430] chnl_net:caif_netlink_parms(): no params data found [ 181.665611] IPv6: ADDRCONF(NETDEV_UP): 
vxcan1: link is not ready [ 181.673784] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.686665] team0: Port device team_slave_1 added [ 181.695167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.714153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.721754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.729713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.737622] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.744040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.752202] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.759836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.787453] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.794961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.814946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.837626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 181.892561] device hsr_slave_0 entered promiscuous mode [ 181.950590] device hsr_slave_1 entered promiscuous mode [ 181.990846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.998774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.006856] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.013231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.022750] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.046149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.056542] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 182.069221] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 182.078287] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.086894] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.093814] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.101840] device bridge_slave_0 entered promiscuous mode [ 
182.108720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.117177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.124289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.134662] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 182.141005] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.165048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.172707] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.179278] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.187051] device bridge_slave_1 entered promiscuous mode [ 182.205796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.214339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.227022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.235926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.244364] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.250786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.289820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.299385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.309574] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.320624] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.329338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.338327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.366815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.375665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.383744] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.390167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.397604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.405976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 
182.414180] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.430656] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.437939] team0: Port device team_slave_0 added [ 182.443886] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.455516] team0: Port device team_slave_1 added 18:52:48 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000100)={@my=0x0}) socket$vsock_stream(0x28, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) close(r1) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000880), 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) getpgid(0x0) [ 182.464146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.478707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.493109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.500400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.508388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.518208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.531953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.541549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.551357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.568116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.576692] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 
182.593507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.602179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.609898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.618056] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.627776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 18:52:48 executing program 0: 18:52:48 executing program 0: 18:52:49 executing program 0: [ 182.698338] device hsr_slave_0 entered promiscuous mode 18:52:49 executing program 0: 18:52:49 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) [ 182.744798] device hsr_slave_1 entered promiscuous mode [ 182.796399] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 182.810548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.813953] REISERFS warning (device loop0): super-6514 reiserfs_parse_options: unknown quota format specified. [ 182.819194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.836648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.847382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.863144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 182.876755] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.891187] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready 18:52:49 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) [ 182.898554] REISERFS warning (device loop0): super-6514 reiserfs_parse_options: unknown quota format specified. 
[ 182.907377] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 182.921882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.929408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.946429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.953568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.967910] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 182.974698] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.988116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 182.999121] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.010219] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.016306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.032045] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.039285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.048231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.065455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.073810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.074341] REISERFS warning (device loop0): super-6514 reiserfs_parse_options: unknown quota format specified. 
[ 183.086376] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.097860] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.105070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.113368] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.125324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.137925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.149386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.157851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.167043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.181006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.188603] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.195013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.204174] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.210842] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.227766] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.236186] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.243927] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.251417] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.258359] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.268034] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.274948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.283069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.289875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.312843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.321418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.335679] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.342722] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.354978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 
183.364757] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.376396] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.387635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.398310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.406742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.414956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.422710] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.429043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.436505] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.443711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.453222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.461518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.479545] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 183.489829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.501914] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.508819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.522357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.530429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.538028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.545960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.554169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.562075] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.568422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.575458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.593808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.607537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.615423] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.627598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.636847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.645949] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.652809] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.666300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.683970] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.697007] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.705989] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.713491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.721870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.731778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.740955] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.747107] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.754995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.763283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.771049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.778329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.787354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 183.795017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.803362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.814921] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.821691] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.831364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.841231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.855381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.867607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.883056] bridge0: port 1(bridge_slave_0) 
entered blocking state [ 183.889471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.915750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.923837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.932305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.941960] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.949765] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.965132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.977279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 18:52:50 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:50 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) [ 184.010352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.019749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.027777] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.034195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.055780] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 184.067559] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.081225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.100909] REISERFS warning (device loop0): super-6514 reiserfs_parse_options: unknown quota format specified. 
[ 184.115867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.136603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.156040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.202724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.209792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.234628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.255607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.280867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.291666] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 184.299759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.308713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.317198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.324963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.334624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 184.343710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 18:52:50 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) lsetxattr$trusted_overlay_redirect(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x3) [ 184.352258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.376120] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 184.382633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.420950] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 184.447141] 8021q: adding VLAN 0 to HW filter on device batadv0 18:52:50 executing program 3: clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 
0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) execve(&(0x7f00000001c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK/../file0\x00', 0x0, 0x0) getrandom(&(0x7f00000000c0)=""/30, 0x1e, 0x2) 18:52:51 executing program 4: openat$smack_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$selinux_mls(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4004700e, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0xdd6, @rand_addr="943dc96778906a8c631b620d056254e8", 0x68}, 0x1c) r1 = socket$inet(0x2, 0x80001, 0x0) preadv(r1, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/109, 0x6d}], 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgrou\xd6\x8b\x9b\b\x00\x00\x00\x8e\xf7\xb4\x16\xffv)\x04\x11p.net/syz0\x00', 0x200002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = memfd_create(&(0x7f0000000080)='\x00', 0x0) ftruncate(r4, 0x1000000) sendfile(r3, r4, 0x0, 0xfffffdef) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f00000001c0)) write$P9_RREADDIR(r0, &(0x7f0000000180)=ANY=[], 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) getpeername$inet6(r2, 0x0, &(0x7f0000000240)) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') 18:52:51 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") accept4$alg(r0, 0x0, 0x0, 0x0) 18:52:51 executing program 5: r0 = 
socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:51 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:51 executing program 2: io_setup(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) 18:52:51 executing program 3: clone(0x2102005ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) clone(0xa01ffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() tkill(r1, 0xf) getgroups(0x3, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xee00]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000180)="0f20e06635000002000f22e00f9350f20f232e0f47f5baf80c66b8c8a2558a66efbafc0c66ed0f35b85c000f00d0baf80c66b8fe65f68066efbafc0ced66b9870a000066b8d95f902966baf1a568110f300f231b"}], 0xaaaaaaaaaaaad03, 0x0, 0x0, 0x0) fsetxattr$security_smack_transmute(0xffffffffffffffff, 0x0, &(0x7f0000000540)='TRUE', 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f0000000000)='\x00\xabtw/Z%B\xd2\xd6\x1e\xf0\xfc', 0x2) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, 0x0, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) getresuid(0x0, &(0x7f0000000300), 0x0) mount$fuse(0x0, 0x0, 0x0, 0x48000, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) [ 185.621128] hrtimer: interrupt took 35532 ns 18:52:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:52 executing program 3: fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000240)={@remote, 0x0, 0x0, 0x2, 0x1}, 0x20) [ 185.696792] REISERFS warning (device loop0): super-6514 reiserfs_parse_options: unknown quota format specified. 
[ 185.713200] audit: type=1400 audit(1555959171.982:39): avc: denied { create } for pid=7451 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 18:52:52 executing program 1: r0 = memfd_create(&(0x7f00000000c0)='/', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x800005, 0x12, r0, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, {}, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000500)='maps\x00') 18:52:52 executing program 0: syz_mount_image$reiserfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:52 executing program 2: openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x62402, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0xfffffffffffffffe, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x80000) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000180)) r1 = syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00'/13]) removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='system.sockprotoname\x00') read(r2, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xc000, 0x48) socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 
0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = fcntl$dupfd(r3, 0x0, r1) r5 = socket(0x11, 0x803, 0x25) unshare(0x20000000) clone(0x800, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCOUTQ(r5, 0x5411, &(0x7f0000000200)) getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, 0x0, &(0x7f0000000140)) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x89a2, &(0x7f00000002c0)={'bridge0\x00\x00\x01\x00', 0x7}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e42, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r6, 0x107, 0xf, &(0x7f0000000000)="a2e6fa9a", 0x4) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendto$inet6(r6, &(0x7f0000000300)="ce0410000013000000911efc1fb35c22cc6dc37916215963e155308f3a7b04345ed9cc0542627d8599b512eceb92bd3096bd845011399e975050d8fc03240ca3ac5c66bf7ebe8119b50f151eb8c7f7be608fe3ce", 0x54, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/150, 0x96}}], 
0x1, 0x0, 0x0) fcntl$getownex(r4, 0x10, &(0x7f00000005c0)) gettid() ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000640)) [ 185.893145] audit: type=1400 audit(1555959171.982:40): avc: denied { write } for pid=7451 comm="syz-executor.4" path="socket:[26374]" dev="sockfs" ino=26374 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 186.036914] audit: type=1400 audit(1555959172.082:41): avc: denied { read } for pid=7451 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 186.121196] audit: type=1400 audit(1555959172.132:42): avc: denied { map } for pid=7476 comm="syz-executor.1" path=2F6D656D66643A2F202864656C6574656429 dev="tmpfs" ino=26680 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 18:52:52 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000000000)) 18:52:52 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x10000, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x2, 0x70bd2d, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x400c4) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000240)={0xa, &(0x7f0000000180)=[0x9, 0x7, 0x3f, 0x7fff, 0x7, 0x1f, 0x6, 0xffffffffffffffe1, 0xf8f, 0x5]}) ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4b, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f00000001c0)) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff, 0x1}) 18:52:52 executing program 1: r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0) clone(0x40001fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000280)={0x8, 0x0, 0x0, 0x100000000, 0x0, 0x9f}) 18:52:52 executing program 0: syz_mount_image$reiserfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:52 executing program 2: openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x62402, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0xfffffffffffffffe, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x80000) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000180)) r1 = syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00'/13]) removexattr(&(0x7f0000000000)='./file0\x00', 
&(0x7f00000000c0)=@known='system.sockprotoname\x00') read(r2, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xc000, 0x48) socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = fcntl$dupfd(r3, 0x0, r1) r5 = socket(0x11, 0x803, 0x25) unshare(0x20000000) clone(0x800, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCOUTQ(r5, 0x5411, &(0x7f0000000200)) getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, 0x0, &(0x7f0000000140)) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x89a2, &(0x7f00000002c0)={'bridge0\x00\x00\x01\x00', 0x7}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e42, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r6, 0x107, 0xf, &(0x7f0000000000)="a2e6fa9a", 0x4) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendto$inet6(r6, 
&(0x7f0000000300)="ce0410000013000000911efc1fb35c22cc6dc37916215963e155308f3a7b04345ed9cc0542627d8599b512eceb92bd3096bd845011399e975050d8fc03240ca3ac5c66bf7ebe8119b50f151eb8c7f7be608fe3ce", 0x54, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/150, 0x96}}], 0x1, 0x0, 0x0) fcntl$getownex(r4, 0x10, &(0x7f00000005c0)) gettid() ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000640)) 18:52:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:52 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/246) ioctl$EVIOCGREP(r0, 0x40047451, &(0x7f0000000000)=""/174) [ 186.539379] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 8 (only 16 groups) 18:52:53 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000000000)) 18:52:53 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:53 executing program 2: 
perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c65, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x8) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x80000009) 18:52:53 executing program 0: syz_mount_image$reiserfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:53 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x800100000003) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 18:52:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) getpeername$netlink(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000100)=0xc) r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1b) listen(r0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getgid() r1 = socket$packet(0x11, 0x2, 0x300) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a}) socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xff4a) 18:52:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 
&(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:54 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) 18:52:54 executing program 4: r0 = getpgrp(0x0) r1 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigtimedwait(&(0x7f0000000040), 0x0, 0x0, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2403, 0x0) 18:52:54 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:54 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(r0, 0x5) 18:52:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:54 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:54 executing program 1: r0 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$int_in(r0, 0x5473, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PPPIOCSMRRU(0xffffffffffffffff, 
0x4004743b, 0x0) gettid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xbd1b) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0xffffffff00000000, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x98) 18:52:54 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='jqfmt=v']) 18:52:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) [ 188.230450] protocol 88fb is buggy, dev hsr_slave_0 [ 188.235717] protocol 88fb is buggy, dev hsr_slave_1 18:52:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/176, 0xb0}], 0x1}, 0x0) 18:52:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) getpeername$netlink(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000100)=0xc) r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1b) listen(r0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getgid() r1 = socket$packet(0x11, 0x2, 0x300) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a}) socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xff4a) 18:52:54 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 18:52:54 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000080)) [ 188.536626] ================================================================== [ 188.544601] BUG: KASAN: global-out-of-bounds in strscpy+0x20e/0x2c0 [ 188.551070] Read of size 8 at addr ffffffff8677d6f8 by task syz-executor.0/7616 [ 188.558571] [ 188.558601] CPU: 1 PID: 7616 Comm: syz-executor.0 Not tainted 4.14.113 #3 [ 188.558608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.558633] Call Trace: [ 188.558668] dump_stack+0x138/0x19c [ 188.558686] ? strscpy+0x20e/0x2c0 [ 188.578211] print_address_description.cold+0x5/0x1dc [ 188.578230] ? 
strscpy+0x20e/0x2c0 [ 188.578240] kasan_report.cold+0xaf/0x2b5 [ 188.578255] __asan_report_load8_noabort+0x14/0x20 [ 188.578271] strscpy+0x20e/0x2c0 [ 188.584543] prepare_error_buf+0x94/0x1aa0 [ 188.584590] ? __lock_is_held+0xb6/0x140 [ 188.584602] ? scnprintf_le_key+0x600/0x600 [ 188.584620] __reiserfs_warning+0x9f/0xb0 [ 188.593351] ? reiserfs_printk+0xd0/0xd0 [ 188.593388] ? __bread_gfp+0x63/0x290 [ 188.593404] ? __brelse+0x50/0x60 [ 188.601208] ? read_super_block+0x11d/0x8c0 [ 188.601225] reiserfs_fill_super+0xa71/0x2b20 [ 188.601244] ? finish_unfinished+0x1010/0x1010 [ 188.601263] ? snprintf+0xa5/0xd0 [ 188.601280] ? set_blocksize+0x270/0x300 [ 188.601308] ? ns_test_super+0x50/0x50 [ 188.601326] mount_bdev+0x2c1/0x370 [ 188.601336] ? finish_unfinished+0x1010/0x1010 [ 188.601350] get_super_block+0x35/0x40 [ 188.601361] mount_fs+0x9d/0x2a7 [ 188.601383] vfs_kern_mount.part.0+0x5e/0x3d0 [ 188.601400] do_mount+0x417/0x27d0 [ 188.601411] ? copy_mount_options+0x5c/0x2f0 [ 188.601436] ? rcu_read_lock_sched_held+0x110/0x130 [ 188.601452] ? copy_mount_string+0x40/0x40 [ 188.601467] ? copy_mount_options+0x1fe/0x2f0 [ 188.601482] SyS_mount+0xab/0x120 [ 188.601492] ? copy_mnt_ns+0x8c0/0x8c0 [ 188.601516] do_syscall_64+0x1eb/0x630 [ 188.601529] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 188.607522] kobject: 'queues' (ffff8880a8e80348): kobject_uevent_env: filter function caused the event to drop! 
[ 188.609949] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 188.609966] RIP: 0033:0x45b69a [ 188.609972] RSP: 002b:00007ffa5ac7ba88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 188.609985] RAX: ffffffffffffffda RBX: 00007ffa5ac7bb40 RCX: 000000000045b69a [ 188.609992] RDX: 00007ffa5ac7bae0 RSI: 0000000020000100 RDI: 00007ffa5ac7bb00 [ 188.610006] RBP: 0000000000000000 R08: 00007ffa5ac7bb40 R09: 00007ffa5ac7bae0 [ 188.614745] kobject: 'rx-0' (ffff88803edc1390): kobject_add_internal: parent: 'queues', set: 'queues' [ 188.618290] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 188.618297] R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff [ 188.618314] [ 188.618318] The buggy address belongs to the variable: [ 188.618350] __func__.31266+0x2dd8/0x3a60 [ 188.618363] [ 188.624586] kobject: 'rx-0' (ffff88803edc1390): kobject_uevent_env [ 188.626856] Memory state around the buggy address: [ 188.626869] ffffffff8677d580: 01 fa fa fa fa fa fa fa 01 fa fa fa fa fa fa fa [ 188.626876] ffffffff8677d600: 00 00 00 00 00 07 fa fa fa fa fa fa 00 00 00 07 [ 188.626884] >ffffffff8677d680: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 04 [ 188.626890] ^ [ 188.626898] ffffffff8677d700: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 00 [ 188.626906] ffffffff8677d780: 00 00 00 00 02 fa fa fa fa fa fa fa 00 00 00 00 [ 188.626910] ================================================================== [ 188.626914] Disabling lock debugging due to kernel taint [ 188.627078] protocol 88fb is buggy, dev hsr_slave_0 [ 188.635153] kobject: 'rx-0' (ffff88803edc1390): fill_kobj_path: path = '/devices/virtual/net/vat/queues/rx-0' [ 188.638335] protocol 88fb is buggy, dev hsr_slave_1 [ 188.639183] Kernel panic - not syncing: panic_on_warn set ... 
[ 188.639183] [ 188.645919] kobject: 'tx-0' (ffff88803ed802d8): kobject_add_internal: parent: 'queues', set: 'queues' [ 188.647174] CPU: 1 PID: 7616 Comm: syz-executor.0 Tainted: G B 4.14.113 #3 [ 188.647180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.647184] Call Trace: [ 188.647206] dump_stack+0x138/0x19c [ 188.647227] ? strscpy+0x20e/0x2c0 [ 188.656305] kobject: 'tx-0' (ffff88803ed802d8): kobject_uevent_env [ 188.659309] panic+0x1f2/0x438 [ 188.659320] ? add_taint.cold+0x16/0x16 [ 188.659346] kasan_end_report+0x47/0x4f [ 188.663949] kobject: 'tx-0' (ffff88803ed802d8): fill_kobj_path: path = '/devices/virtual/net/vat/queues/tx-0' [ 188.666928] kasan_report.cold+0x136/0x2b5 [ 188.666942] __asan_report_load8_noabort+0x14/0x20 [ 188.666954] strscpy+0x20e/0x2c0 [ 188.666968] prepare_error_buf+0x94/0x1aa0 [ 188.666983] ? __lock_is_held+0xb6/0x140 [ 188.683302] kobject: 'batman_adv' (ffff8880918f4400): kobject_add_internal: parent: 'vat', set: '' [ 188.683412] ? scnprintf_le_key+0x600/0x600 [ 188.683428] __reiserfs_warning+0x9f/0xb0 [ 188.683438] ? reiserfs_printk+0xd0/0xd0 [ 188.683457] ? __bread_gfp+0x63/0x290 [ 189.012346] ? __brelse+0x50/0x60 [ 189.015808] ? read_super_block+0x11d/0x8c0 [ 189.020141] reiserfs_fill_super+0xa71/0x2b20 [ 189.024641] ? finish_unfinished+0x1010/0x1010 [ 189.029241] ? snprintf+0xa5/0xd0 [ 189.032708] ? set_blocksize+0x270/0x300 [ 189.036850] ? ns_test_super+0x50/0x50 [ 189.040744] mount_bdev+0x2c1/0x370 [ 189.044816] ? finish_unfinished+0x1010/0x1010 [ 189.049399] get_super_block+0x35/0x40 [ 189.053292] mount_fs+0x9d/0x2a7 [ 189.056661] vfs_kern_mount.part.0+0x5e/0x3d0 [ 189.061160] do_mount+0x417/0x27d0 [ 189.064698] ? copy_mount_options+0x5c/0x2f0 [ 189.069119] ? rcu_read_lock_sched_held+0x110/0x130 [ 189.074144] ? copy_mount_string+0x40/0x40 [ 189.078400] ? copy_mount_options+0x1fe/0x2f0 [ 189.082906] SyS_mount+0xab/0x120 [ 189.086363] ? 
copy_mnt_ns+0x8c0/0x8c0 [ 189.090252] do_syscall_64+0x1eb/0x630 [ 189.094145] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 189.099009] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 189.104204] RIP: 0033:0x45b69a [ 189.107385] RSP: 002b:00007ffa5ac7ba88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 189.115087] RAX: ffffffffffffffda RBX: 00007ffa5ac7bb40 RCX: 000000000045b69a [ 189.122355] RDX: 00007ffa5ac7bae0 RSI: 0000000020000100 RDI: 00007ffa5ac7bb00 [ 189.129625] RBP: 0000000000000000 R08: 00007ffa5ac7bb40 R09: 00007ffa5ac7bae0 [ 189.136893] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 189.144158] R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff [ 189.152341] Kernel Offset: disabled [ 189.155966] Rebooting in 86400 seconds..