Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 37.331374] audit: type=1800 audit(1569301329.568:33): pid=7353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 37.359405] audit: type=1800 audit(1569301329.568:34): pid=7353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 42.319486] audit: type=1400 audit(1569301334.558:35): avc: denied { map } for pid=7528 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.50' (ECDSA) to the list of known hosts. 2019/09/24 05:02:20 fuzzer started [ 48.722850] audit: type=1400 audit(1569301340.958:36): avc: denied { map } for pid=7537 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/09/24 05:02:22 dialing manager at 10.128.0.105:35637 2019/09/24 05:02:22 syscalls: 2488 2019/09/24 05:02:22 code coverage: enabled 2019/09/24 05:02:22 comparison tracing: enabled 2019/09/24 05:02:22 extra coverage: extra coverage is not supported by the kernel 2019/09/24 05:02:22 setuid sandbox: enabled 2019/09/24 05:02:22 namespace sandbox: enabled 2019/09/24 05:02:22 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/24 05:02:22 fault injection: enabled 2019/09/24 05:02:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/24 05:02:22 net packet injection: enabled 2019/09/24 05:02:22 net device setup: enabled 05:05:00 executing program 0: [ 207.822864] audit: type=1400 audit(1569301500.058:37): avc: denied { map } for pid=7554 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1139 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 207.944396] IPVS: ftp: loaded support on port[0] = 21 05:05:00 executing program 1: [ 208.087260] chnl_net:caif_netlink_parms(): no params data found [ 208.141309] IPVS: ftp: loaded support on port[0] = 21 [ 208.179329] bridge0: port 1(bridge_slave_0) entered blocking state 05:05:00 executing program 2: [ 208.186684] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.194589] device bridge_slave_0 entered promiscuous mode [ 208.209072] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.215830] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.223795] device bridge_slave_1 entered promiscuous mode [ 208.277769] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.312714] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.366490] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.398017] team0: Port device team_slave_0 added [ 208.419030] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.426608] team0: Port device team_slave_1 added [ 208.434707] chnl_net:caif_netlink_parms(): no params data found [ 208.445599] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.459959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 05:05:00 executing program 3: [ 208.474236] IPVS: ftp: loaded support on port[0] = 21 [ 208.589906] device hsr_slave_0 entered promiscuous mode [ 208.627406] device hsr_slave_1 entered promiscuous mode [ 208.670723] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.679315] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.686748] device bridge_slave_0 entered promiscuous mode [ 208.698633] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 208.705767] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready 05:05:00 executing program 4: [ 208.718915] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.720420] IPVS: ftp: loaded support on port[0] = 21 [ 208.725554] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.744456] device bridge_slave_1 entered promiscuous mode [ 208.797084] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.803589] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.810675] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.817081] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.894795] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.933231] bond0: Enslaving bond_slave_1 as an active interface with an up link 05:05:01 executing program 5: [ 208.975678] IPVS: ftp: loaded support on port[0] = 21 [ 209.065899] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.075939] team0: Port device team_slave_0 added [ 209.084910] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.092626] team0: Port device team_slave_1 added [ 209.136497] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.154331] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.165561] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.176171] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.249020] device hsr_slave_0 entered promiscuous mode [ 209.287361] device hsr_slave_1 entered promiscuous mode [ 209.329841] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 209.337353] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 209.351666] chnl_net:caif_netlink_parms(): no params data found [ 209.381289] IPVS: ftp: loaded support on port[0] = 21 [ 209.389653] chnl_net:caif_netlink_parms(): no params data found [ 209.418152] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 209.464664] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.472826] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.480817] device bridge_slave_0 entered promiscuous mode [ 209.500679] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.507441] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.514744] device bridge_slave_1 entered promiscuous mode [ 209.539894] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.546866] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.554396] device bridge_slave_0 entered promiscuous mode [ 209.562113] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.569578] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.579006] device bridge_slave_1 entered promiscuous mode [ 209.595331] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.606788] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.642284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.656075] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.664000] team0: Port device team_slave_0 added [ 209.678369] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.688003] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.696469] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.722030] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.729685] team0: Port device team_slave_1 added [ 209.736849] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.745684] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.763292] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.782177] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.789772] team0: Port device team_slave_0 added [ 209.795589] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.803159] team0: Port device team_slave_1 added [ 209.811644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.819235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.888927] device hsr_slave_0 entered promiscuous mode [ 209.928896] device hsr_slave_1 entered promiscuous mode [ 209.969737] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 209.977134] chnl_net:caif_netlink_parms(): no params data found [ 209.986364] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 209.997405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.042557] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.052250] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 210.058838] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.066660] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.112362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.121502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.130080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.138211] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.144722] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.210120] device hsr_slave_0 entered promiscuous mode [ 210.247598] device hsr_slave_1 entered promiscuous mode [ 210.288109] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 210.295942] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 210.308873] chnl_net:caif_netlink_parms(): no params data found [ 210.319036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.344664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.352530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.360553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.368871] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.375250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.387483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.394557] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.401824] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.409276] device bridge_slave_0 entered promiscuous mode [ 210.446213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.454742] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.461861] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.470010] device bridge_slave_1 entered promiscuous mode [ 210.479209] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 210.506155] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.513574] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.521181] device bridge_slave_0 entered promiscuous mode [ 210.532149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.540302] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.551521] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.560594] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.570995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.578254] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.584616] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.592084] device bridge_slave_1 entered promiscuous mode [ 210.599225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.606115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.613263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.623862] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 210.630066] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.645971] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.653740] team0: Port device team_slave_0 added [ 210.668016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.675737] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.685821] team0: Port device team_slave_1 added [ 210.696788] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.704544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.717346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.725436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.736191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.744124] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.750532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.758176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.766079] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.774028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.781926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.791319] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 210.798594] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.808464] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.817490] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.827908] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.835747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.843120] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.850321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.858429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.868186] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.874530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.881567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.890099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.904786] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.912688] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.928800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 210.939036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 210.953343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.960834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.968614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.976717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.984562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.993145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.003825] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 211.010350] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.022758] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.031812] team0: Port device team_slave_0 added [ 211.038026] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.045715] team0: Port device team_slave_1 added [ 211.090103] device hsr_slave_0 entered promiscuous mode [ 211.127370] device hsr_slave_1 entered promiscuous mode [ 211.188381] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.195636] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.204986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.213274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.223979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.232079] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 211.239293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.248014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.255843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.263587] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.269969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.277001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.285133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.304067] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.312394] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.342486] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.350954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.421101] device hsr_slave_0 entered promiscuous mode [ 211.467334] device hsr_slave_1 entered promiscuous mode [ 211.507321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.515296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.526017] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.532427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.540188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.548128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.555963] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.571313] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 211.580179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.590358] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.599060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.606281] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.621804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.629944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.638847] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.646421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.656686] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 211.669249] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 211.681356] audit: type=1400 audit(1569301503.918:38): avc: denied { associate } for pid=7555 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 211.709191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.716856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.725936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.734388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.743552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.758681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.766149] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 211.773199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.786728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.799538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.816855] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 05:05:04 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000005400000098fcffffe4d7fa370000005b49f9b1f291c483bd03fb849460c2cac866ea1dd2486e5e3a755ffc98651fd8401e79493eae1018d1b5f69c7dc59694507fe9f865ec6c3afcd7e6b0e277296560154cd4ba81cf3c6801a794ecef70b4cb5e778d268978dec5fcb3f6b68675b814ac890db2b0d92a5dbaaceda5b999b51d42c7c02d92ddd7d4d774e28f55444ba1649bcb786a8e63e2a83c619fa3b00305f635a7a6becea582b39bd8021f93a19fb4e5a3a524c93eed870c716e8c90b879fd64030646d748e083b6f2681c57857b259b34ef8ed90e0bf583a6706f1df28621754fc00f5f5acddf184bd18548ee12aab6a2f6523d3755218d26d390f29bfb5185bfb61a0069949e7e0c0bb4881ca46f7402195cc2ab9ac3866131790d50c1aa968c91e0309380a0c1c85180da7c6b740aec9581fe46c56a9dff15476cca6e7720258cc2130a2df4e06c9e934b"], &(0x7f000000ed80)=""/99, 0xffffffffffffff27, 0x63}, 0x20) 05:05:04 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, 0x0, 0x0) [ 211.834364] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.856722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.875237] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 05:05:04 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) [ 211.898510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.906786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.931031] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.938871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 05:05:04 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/v/lo\xff\xf8\xff\x00', 0x357c01, 0x0) [ 211.959704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.977480] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 211.984733] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 211.999351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 212.019594] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 212.032337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.049413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.056813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.065300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.075013] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 212.082277] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.091645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.101380] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.128505] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.137768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 212.151481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.160251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.168219] bridge0: port 1(bridge_slave_0) entered blocking state 05:05:04 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, 0x0, 0x0) [ 212.174593] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.182387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.197107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.204243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.218191] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.245339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.256894] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 212.270381] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.288897] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 212.294987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.311105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.327428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.335482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 05:05:04 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = creat(0x0, 0x0) write$smack_current(r0, 0x0, 0x0) [ 212.344268] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.350812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.367343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.382456] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.395991] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 212.407609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.422412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.434836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.443248] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.450926] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.460259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.470905] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.480184] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.501818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.513617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.534137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 05:05:04 executing program 1: open(0x0, 0x0, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x0) [ 212.548534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.556519] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.565708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.574655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.591664] bridge0: port 2(bridge_slave_1) entered blocking state 05:05:04 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x27, &(0x7f0000000100), &(0x7f0000000140)=0x4) [ 212.598109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.614578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.634397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.645071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.656717] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.678277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.686228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.695465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.711904] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 212.729715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 212.749697] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.757671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.765213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.793822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.815680] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.838790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 212.851134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.875599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.887925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.895196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.905568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.913688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.922014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.930706] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.938764] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 212.944830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.955296] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 212.961520] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.972091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.982421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.990512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.005314] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.014335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 213.022364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.033367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.041558] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.048573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.055599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.063342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.071024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.079982] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.091508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.104511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.111509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.120156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.129429] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.135915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.145515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.154132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.163007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.171911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 213.187482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.203895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.212325] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready 05:05:05 executing program 2: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, 0x0, 0x0) 05:05:05 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x5275ff10ab05f0c5, 0x0) [ 213.223101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.232091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.247843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.275511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.292241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.309137] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.343684] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.361626] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.384703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.402057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.414123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.423743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 213.435334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.443190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.452637] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.461311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.469319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.480601] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 213.486767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.503908] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.525627] 8021q: adding VLAN 0 to HW filter on device batadv0 05:05:05 executing program 4: 05:05:05 executing program 5: 05:05:05 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) ioctl$PPPIOCDISCONN(r0, 0x7439) 05:05:05 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, r0, 0x0, 0x0) 05:05:05 executing program 2: pipe(0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) 05:05:05 executing program 1: 05:05:05 executing program 1: 05:05:05 executing program 3: 05:05:05 executing program 4: 05:05:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0xdcd13029b12a5ad4}, 0x0) 05:05:05 executing program 5: capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) r0 = socket$netlink(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x0, 0x480001}, 0xc) 05:05:06 executing program 1: 05:05:06 executing program 4: 05:05:06 executing program 5: 05:05:06 executing program 3: 05:05:06 executing program 2: 05:05:06 executing program 0: 05:05:06 executing program 1: 05:05:06 executing program 3: 05:05:06 executing program 5: 05:05:06 executing program 1: 05:05:06 executing program 2: 05:05:06 executing program 4: 05:05:06 executing program 0: 05:05:06 executing program 4: 05:05:06 executing program 5: 05:05:06 executing program 3: 05:05:06 executing program 2: 05:05:06 executing program 1: 05:05:06 executing program 0: 05:05:06 executing program 2: 05:05:06 executing program 5: 05:05:06 executing program 3: 05:05:06 executing program 4: 05:05:06 executing program 1: 05:05:06 executing program 0: 05:05:06 executing program 5: 05:05:06 executing program 2: 05:05:06 executing program 3: 05:05:06 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x5423, 0x0) 05:05:06 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x54a0, 0x0) 05:05:06 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x40505412, 0x0) 05:05:06 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4) sendmsg$kcm(r1, &(0x7f0000000840)={&(0x7f0000000380)=@in={0x2, 0x0, @dev}, 0x80, 0x0}, 0x0) 05:05:07 executing program 3: 05:05:07 executing program 2: 05:05:07 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{}, "8f2cb530c4c5131d", "3a6bc8cbf5f0c26e95c106070f435ee6", "aeb368b2", "73d2aaccb759e14d"}, 0x28) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000540)="0a99b3e3930870dcd4c6d68e6abe088af4ccdbe6dc85ed63bcee4834cd53f8a19cfad5357423b08db538753bcf550f05d219f8c6ca03228dd8d293261ba071190f47d70c95a97fe5d4cb7511e180f73e8ef5e2f7ee4f47c1a036e37e87414e615396eeb918828e", 0x67}, {&(0x7f00000003c0)="b1252522629f34a16eef84ce1b0063a44d2793e337dc2c6bb2d81b53e3fce25735962003d59c73b5c7e008a287d2a1d4", 0x30}, {&(0x7f0000000700)="c2e03ca050ae6e9864a1798b5cc6822a6179ef8da5cd850e45cd71cd4dfe222335695c1aa33ed46d46bd8b2e6cad6ddcf596", 0x32}], 0x3) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r2, 0x0, 0x36, 0x0, &(0x7f0000000140)="5c71f90569c413551b2ac06c86dd2f6df1396e4e89b7bf71fefb2119569146b3020fb6b5d031f9fada7563e5128d0db25da18b350735", 0x0, 0x10000}, 0x28) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r4 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="85000000610000005400000000000000950000001aac9eccf35c123340ee662cd969e900000000"], &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r4, 0x0, 0x15, 0x0, &(0x7f0000000140)="5c71f90569c413551b2ac06c86dd2f6df1396e4e89", 0x0}, 0x40) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r5, 0x0, 0x36, 0x0, &(0x7f0000000140)="5c71f90569c413551b2ac06c86dd2f6df1396e4e89b7bf71fefb2119569146b3020fb6b5d031f9fada7563e5128d0db25da18b350735", 0x0, 0x10000}, 0x28) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x2a, 0x0, &(0x7f0000000140)="5c71f90569c413551b2ac06c86dd2f6df1396e4e89b7bf71fefb2119569146b3020fb6b5d031f9fada75", 0x0, 0x10000, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x40) write$binfmt_script(r0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="8cb08f70aca1f2e24e7dc4636db1607852800ad7239bfbb123065f68cd67943bc81a1d56defee801abbb295542689614ad3cf075062ecc8fff703998f05b4a75cd21c51a0cdf5c1d22ec6c88b2f328c35d2284ce373751008f2fe11265fc7b892d9211b9f2b8d60d65de6a11b376b8379dea0e24d9d54997f9b0c35fdbb691b6a85b1dd2", 0x84}], 0x1}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) 05:05:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80803, 0x87) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x2b}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x92}}, 0xe8) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) 05:05:07 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x40485404, 0x0) 05:05:07 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioprio_set$uid(0x0, 0x0, 0x7fff) 05:05:07 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = getpid() ioprio_get$pid(0x1, r1) 05:05:07 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = getpid() ioprio_get$pid(0x2, r1) [ 214.985793] audit: type=1400 audit(1569301507.218:39): avc: denied { prog_load } for pid=7726 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 05:05:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:05:07 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000640)=""/246) syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000001500)=[{0x0}], 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x4004743d, &(0x7f0000001080)=""/246) 05:05:07 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000640)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x4004743d, &(0x7f0000001080)=""/246) ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000000)) 05:05:07 executing program 5: seccomp(0x1, 0x0, &(0x7f00000005c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xffffffffffffffff}]}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', 0x0, 0x0, 0x0) 05:05:07 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179", 0x56}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x9, r0, 0x0, 0x0) [ 215.188728] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 215.238624] audit: type=1326 audit(1569301507.458:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7761 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0xffff0000 05:05:07 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) 05:05:07 executing program 4: seccomp(0x1, 0x0, &(0x7f00000005c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xffffffffffffffff}]}) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 05:05:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r0, r1, 0x0) r2 = dup(r1) ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, 0x0) 05:05:07 executing program 2: accept4$netrom(0xffffffffffffffff, 0x0, 0x0, 0xc00) 05:05:07 executing program 3: openat$capi20(0xffffffffffffff9c, &(0x7f0000000000)='/dev/capi20\x00', 0x12a8c4, 0x0) 05:05:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff15d6d891a92efa823a3c231ea82fdf0e7fcf567bf50600a243422daa960ab9f4b41d535a4e723362f56de8c859fa668b046005fc1e44e4e4b7966c8bbd036be5e23eb4b3d4e3d5bfe025b413ce4fd56f7ec78071f58e2979f98979a9013af6dae8e", 0x108}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x9, r0, 0x0, 0x0) 05:05:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x202, 0x0, 0x0, 0x0, 0x80, &(0x7f0000000000)='veth0_to_team\x00'}) [ 215.754663] audit: type=1326 audit(1569301507.988:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7792 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0xffff0000 05:05:08 executing program 3: r0 = creat(&(0x7f00000004c0)='./file0\x00', 0x0) accept4$ax25(r0, 0x0, 0x0, 0x0) 05:05:08 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000080)) 05:05:08 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$DRM_IOCTL_UNLOCK(r0, 0x4008642b, 0x0) [ 215.867737] audit: type=1400 audit(1569301508.088:42): avc: denied { create } for pid=7789 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 05:05:08 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x129f0817) write$P9_RRENAMEAT(r1, 0x0, 0x0) 05:05:08 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) dup2(r0, r1) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, 0x0) 05:05:08 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, 0x0) [ 216.024324] audit: type=1326 audit(1569301508.258:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7761 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0xffff0000 05:05:08 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r2 = dup2(r0, r1) ioctl$VIDIOC_SUBDEV_G_SELECTION(r2, 0xc040563d, 0x0) [ 216.551775] audit: type=1326 audit(1569301508.788:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7792 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0xffff0000 05:05:08 executing program 0: syz_open_dev$sndpcmc(0x0, 0x0, 0x4a0000) 05:05:08 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = inotify_init() dup3(r0, r1, 0x0) r2 = inotify_init() r3 = dup2(r1, r2) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, 0x0, 0x0) 05:05:08 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) accept$netrom(r0, 0x0, 0x0) 05:05:08 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = dup(r0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, 0x0) 05:05:09 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, 0x0) 05:05:09 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x2007, &(0x7f0000000000)=[{&(0x7f0000000140)="2e0000003300050ad25a80648c6394fb0124fc0010000b400c000200053582c137153e370a00018004081700d1bd", 0x2e}], 0x1}, 0x0) 05:05:09 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b700000001edffffbfa30000000000003503000028feffff620af0fff8ffffff71a4f0ff000000000f040000000000007e400300000000006504000001ed000067000000010000006c44000000000000630a00fe000000001f00000000000000b7000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b5e4fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4ef154400e2438ec649dc74a1a610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06ad99edc3a6138d5fcfba53f8d0c67ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a4040996e37c4f46756d"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) 05:05:09 executing program 1: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xab1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8e2, 0x3, 0x0, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000004c0), 0x3}, 0x82c6b155ac0f06a2}, 0x0, 0xa, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000840)='cpuset.effective_mems\x00o\x90\x99\x05\x05\x98\xd4t\xbf\x02\xfd\x89z\x1b\xba\x9a\xc1\x9b/\xeb\x96-\x87\x98\x89eo\xd6=\xe5Z\xc6\xe9\x83G\xdc\xc9v>\xcd\xe1\x1ca\xe5f\xd4Q\xe7\x84w3\xfdh\x05\x06\xc3\xe7\xcd\v\xe9\'\xc7-+\xb8\xa4\xac\xe0\x17\xf3\x15\xe0\xfb\x8e#\x1b|\xde\x0f\x94\x1c\x18\x15^\xb0\n\xf0\x04\xbe\xbb\x8c\xd6!\xe8_\xcaK5N<\xe7\xf4\x1dQ\x0e_\xb9\xa5\x01\x8c\x99\x010\x13\xfd\b\x01\xb9v\xca\x87\xf0\xc4*\x06P\xd4\"\xdf\x81\xfa\x83i^\xe3\x8b\xf5\xd4+5h\xcbv\x00 \t\x85\xeb\tf\xfc\x81#\xefr(\x8dX\x962N/\x93', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000006c0)=@pppoe={0x18, 0x0, {0x2, @random="1250c8010805", 'batadv0\x00'}}, 0x80, 0x0}, 0x5000040) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000080)={'tunl0\x00'}) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='/\x02roup.stap\x00\bJ\x96\xec\xf6\xb5\xd2\x9a7\\\xcd\xf0t(\xcb\xf6>V\x92\xe3ra8\r\x8a\xfc\xefX\x1bw\x8c\xd6B\xc7\x1b\x97t\xa8d\xa58\xba\x91\x80\xe0Z\xd4\x86%\xc9\xbeQ~<\xc53\x10:\xae\xdd\xb4s\x7f\x8b\xe9\xeae\x1f\b\xe4\xee\x01B', 0x2761, 0x0) write$cgroup_type(r1, &(0x7f0000000440)='threaded\x00', 0x38b) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x2ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000480)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0xccd, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580), 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) getpid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) socket$kcm(0x2b, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'all\x00\x19\x00\x00!C\x19d\xb4\xa0\xb4v\x00', 0x420000014801}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') [ 216.850469] audit: type=1400 audit(1569301509.088:45): avc: denied { write } for pid=7856 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 216.852091] openvswitch: netlink: Message has 6 unknown bytes. [ 216.981846] hrtimer: interrupt took 24860 ns 05:05:10 executing program 5: 05:05:10 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0xfffffffffffffc6d, 0x20000800, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff6f, 0x240, 0x0, 0x19d) 05:05:10 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x0, 0x6, 0x4, {0x2, @raw_data="37eff265344fbfa30c2a38da0058488681818c09f696cb927986149d4db7e61f231ebed05e73dbb46d0c32aeefcf9e6d9c07004d837c7d89baad901a0c27dadb0b9776316a2c36b33646115376e3602346de9a65e5d812ecf6eeb88f247ed31abc084429e7d6a0f8935c808ac4a805ebe45005271260780a78abcf70deaff66bccb36c3d9fb3c831a9e576ad07f3ce722003c54f90a4dfba0e81095ad2f480009003cdd592bb47b86b4224fee36fbe35865d14833c4094de11b300"}}) ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000000)=0x2) dup3(r0, r1, 0x0) 05:05:10 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x2007, &(0x7f0000000000)=[{&(0x7f0000000140)="2e0000003300050ad25a80648c6394fb0124fc0010000b400c000200093582c137153e370400018004081700d1bd", 0x2e}], 0x1}, 0x0) 05:05:10 executing program 1: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xab1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4c1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8e2, 0x3, 0x0, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000004c0), 0x3}, 0x82c6b155ac0f06a2}, 0x0, 0xa, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000840)='cpuset.effective_mems\x00o\x90\x99\x05\x05\x98\xd4t\xbf\x02\xfd\x89z\x1b\xba\x9a\xc1\x9b/\xeb\x96-\x87\x98\x89eo\xd6=\xe5Z\xc6\xe9\x83G\xdc\xc9v>\xcd\xe1\x1ca\xe5f\xd4Q\xe7\x84w3\xfdh\x05\x06\xc3\xe7\xcd\v\xe9\'\xc7-+\xb8\xa4\xac\xe0\x17\xf3\x15\xe0\xfb\x8e#\x1b|\xde\x0f\x94\x1c\x18\x15^\xb0\n\xf0\x04\xbe\xbb\x8c\xd6!\xe8_\xcaK5N<\xe7\xf4\x1dQ\x0e_\xb9\xa5\x01\x8c\x99\x010\x13\xfd\b\x01\xb9v\xca\x87\xf0\xc4*\x06P\xd4\"\xdf\x81\xfa\x83i^\xe3\x8b\xf5\xd4+5h\xcbv\x00 \t\x85\xeb\tf\xfc\x81#\xefr(\x8dX\x962N/\x93', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000006c0)=@pppoe={0x18, 0x0, {0x2, @random="1250c8010805", 'batadv0\x00'}}, 0x80, 0x0}, 0x5000040) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000080)={'tunl0\x00'}) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='/\x02roup.stap\x00\bJ\x96\xec\xf6\xb5\xd2\x9a7\\\xcd\xf0t(\xcb\xf6>V\x92\xe3ra8\r\x8a\xfc\xefX\x1bw\x8c\xd6B\xc7\x1b\x97t\xa8d\xa58\xba\x91\x80\xe0Z\xd4\x86%\xc9\xbeQ~<\xc53\x10:\xae\xdd\xb4s\x7f\x8b\xe9\xeae\x1f\b\xe4\xee\x01B', 0x2761, 0x0) write$cgroup_type(r1, &(0x7f0000000440)='threaded\x00', 0x38b) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x2ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000480)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0xccd, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580), 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) getpid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) socket$kcm(0x2b, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'all\x00\x19\x00\x00!C\x19d\xb4\xa0\xb4v\x00', 0x420000014801}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') 05:05:10 executing program 4: [ 218.694070] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. [ 218.724374] ================================================================== [ 218.732373] BUG: KASAN: use-after-free in v4l2_ctrl_grab+0x159/0x160 [ 218.739090] Read of size 8 at addr ffff888089c1e020 by task syz-executor.0/7885 [ 218.746718] [ 218.748365] CPU: 0 PID: 7885 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 218.755215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.764578] Call Trace: [ 218.764607] dump_stack+0x172/0x1f0 [ 218.764626] ? v4l2_ctrl_grab+0x159/0x160 [ 218.764644] print_address_description.cold+0x7c/0x20d [ 218.764658] ? v4l2_ctrl_grab+0x159/0x160 [ 218.764672] kasan_report.cold+0x8c/0x2ba [ 218.764694] ? vidioc_querycap+0x110/0x110 [ 218.764708] __asan_report_load8_noabort+0x14/0x20 [ 218.764718] v4l2_ctrl_grab+0x159/0x160 [ 218.775194] ? vidioc_querycap+0x110/0x110 [ 218.775207] vicodec_stop_streaming+0x158/0x1a0 [ 218.775221] ? vicodec_return_bufs+0x220/0x220 [ 218.799054] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 218.802002] __vb2_queue_cancel+0xb1/0x790 [ 218.802025] ? vidioc_querycap+0x110/0x110 [ 218.802043] ? dev_debug_store+0x110/0x110 [ 218.831796] vb2_core_queue_release+0x28/0x80 [ 218.831814] vb2_queue_release+0x16/0x20 05:05:11 executing program 3: 05:05:11 executing program 2: 05:05:11 executing program 2: [ 218.840524] v4l2_m2m_ctx_release+0x2d/0x40 [ 218.840537] vicodec_release+0xc0/0x120 [ 218.840552] v4l2_release+0xf9/0x1a0 [ 218.840568] __fput+0x2dd/0x8b0 [ 218.840589] ____fput+0x16/0x20 [ 218.863194] task_work_run+0x145/0x1c0 [ 218.867112] exit_to_usermode_loop+0x273/0x2c0 [ 218.871720] do_syscall_64+0x53d/0x620 [ 218.875644] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.880845] RIP: 0033:0x459a09 05:05:11 executing program 2: [ 218.884055] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.903051] RSP: 002b:00007f0d92656c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 [ 218.903067] RAX: 0000000000000004 RBX: 0000000000000003 RCX: 0000000000459a09 [ 218.903074] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 218.903082] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 218.903089] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d926576d4 05:05:11 executing program 2: [ 218.903097] R13: 00000000004c0072 R14: 00000000004d20d8 R15: 00000000ffffffff [ 218.903116] [ 218.925535] Allocated by task 7885: [ 218.955316] save_stack+0x45/0xd0 [ 218.958790] kasan_kmalloc+0xce/0xf0 [ 218.963051] __kmalloc_node+0x51/0x80 [ 218.966866] kvmalloc_node+0x68/0x100 [ 218.970771] v4l2_ctrl_new.part.0+0x214/0x1450 [ 218.975546] v4l2_ctrl_new_std+0x22d/0x360 [ 218.980064] vicodec_open+0x1a8/0xb30 [ 218.983885] v4l2_open+0x1b2/0x360 [ 218.987498] chrdev_open+0x245/0x6b0 05:05:11 executing program 3: [ 218.991245] do_dentry_open+0x4c3/0x1210 [ 218.995935] vfs_open+0xa0/0xd0 [ 218.999236] path_openat+0x10d7/0x45e0 [ 219.003217] do_filp_open+0x1a1/0x280 [ 219.007018] do_sys_open+0x3fe/0x550 [ 219.007029] __x64_sys_openat+0x9d/0x100 [ 219.007042] do_syscall_64+0xfd/0x620 [ 219.007056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.007059] [ 219.007065] Freed by task 7885: [ 219.007077] save_stack+0x45/0xd0 [ 219.007092] __kasan_slab_free+0x102/0x150 [ 219.041026] kasan_slab_free+0xe/0x10 [ 219.045054] kfree+0xcf/0x220 [ 219.048272] kvfree+0x61/0x70 [ 219.051399] v4l2_ctrl_handler_free+0x4a8/0x7e0 [ 219.056981] vicodec_release+0x6b/0x120 [ 219.060980] v4l2_release+0xf9/0x1a0 [ 219.064746] __fput+0x2dd/0x8b0 [ 219.068240] ____fput+0x16/0x20 [ 219.071552] task_work_run+0x145/0x1c0 [ 219.075583] exit_to_usermode_loop+0x273/0x2c0 [ 219.080349] do_syscall_64+0x53d/0x620 [ 219.080368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.089606] [ 219.089616] The buggy address belongs to the object at ffff888089c1e000 [ 219.089616] which belongs to the cache kmalloc-256 of size 256 [ 219.089626] The buggy address is located 32 bytes inside of [ 219.089626] 256-byte region [ffff888089c1e000, ffff888089c1e100) [ 219.089630] The buggy address belongs to the page: [ 219.089641] page:ffffea0002270780 count:1 mapcount:0 mapping:ffff88812c3f07c0 index:0x0 [ 219.089653] flags: 0x1fffc0000000100(slab) [ 219.089670] raw: 01fffc0000000100 ffffea00023b4388 ffffea000211d608 ffff88812c3f07c0 [ 219.089685] raw: 0000000000000000 ffff888089c1e000 000000010000000c 0000000000000000 [ 219.151487] page dumped because: kasan: bad access detected [ 219.157455] [ 219.159354] Memory state around the buggy address: [ 219.164491] ffff888089c1df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 219.172040] ffff888089c1df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 219.179414] >ffff888089c1e000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.187279] ^ 05:05:11 executing program 5: 05:05:11 executing program 2: [ 219.191697] ffff888089c1e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.201357] ffff888089c1e100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 219.209330] ================================================================== [ 219.216872] Disabling lock debugging due to kernel taint [ 219.297305] Kernel panic - not syncing: panic_on_warn set ... [ 219.297305] [ 219.305060] CPU: 1 PID: 7885 Comm: syz-executor.0 Tainted: G B 4.19.75 #0 [ 219.311523] kobject: 'tx-0' (000000001332bb12): kobject_uevent_env [ 219.313470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.313475] Call Trace: [ 219.313495] dump_stack+0x172/0x1f0 [ 219.313511] ? v4l2_ctrl_grab+0x159/0x160 [ 219.313523] panic+0x263/0x507 [ 219.313540] ? __warn_printk+0xf3/0xf3 [ 219.320289] kobject: 'tx-0' (000000001332bb12): fill_kobj_path: path = '/devices/virtual/net/all/queues/tx-0' [ 219.329309] ? v4l2_ctrl_grab+0x159/0x160 [ 219.329324] ? preempt_schedule+0x4b/0x60 [ 219.329339] ? ___preempt_schedule+0x16/0x18 [ 219.329354] ? trace_hardirqs_on+0x5e/0x220 [ 219.329367] ? v4l2_ctrl_grab+0x159/0x160 [ 219.329385] kasan_end_report+0x47/0x4f [ 219.385925] kasan_report.cold+0xa9/0x2ba [ 219.390151] ? vidioc_querycap+0x110/0x110 [ 219.394399] __asan_report_load8_noabort+0x14/0x20 [ 219.399330] v4l2_ctrl_grab+0x159/0x160 [ 219.403574] ? vidioc_querycap+0x110/0x110 [ 219.407892] vicodec_stop_streaming+0x158/0x1a0 [ 219.412552] ? vicodec_return_bufs+0x220/0x220 [ 219.417141] __vb2_queue_cancel+0xb1/0x790 [ 219.422526] ? vidioc_querycap+0x110/0x110 [ 219.426760] ? dev_debug_store+0x110/0x110 [ 219.430991] vb2_core_queue_release+0x28/0x80 [ 219.435575] vb2_queue_release+0x16/0x20 [ 219.439640] v4l2_m2m_ctx_release+0x2d/0x40 [ 219.443951] vicodec_release+0xc0/0x120 [ 219.448020] v4l2_release+0xf9/0x1a0 [ 219.451725] __fput+0x2dd/0x8b0 [ 219.455226] ____fput+0x16/0x20 [ 219.458592] task_work_run+0x145/0x1c0 [ 219.462658] exit_to_usermode_loop+0x273/0x2c0 [ 219.467251] do_syscall_64+0x53d/0x620 [ 219.471147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.476325] RIP: 0033:0x459a09 [ 219.479506] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 219.498645] RSP: 002b:00007f0d92656c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 [ 219.506624] RAX: 0000000000000004 RBX: 0000000000000003 RCX: 0000000000459a09 [ 219.514334] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 219.521712] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 219.529671] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d926576d4 [ 219.536953] R13: 00000000004c0072 R14: 00000000004d20d8 R15: 00000000ffffffff [ 219.545960] Kernel Offset: disabled [ 219.549776] Rebooting in 86400 seconds..