[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.224313] kauditd_printk_skb: 8 callbacks suppressed [ 29.224325] audit: type=1800 audit(1544593313.363:29): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.251515] audit: type=1800 audit(1544593313.363:30): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.409714] sshd (6045) used greatest stack depth: 15600 bytes left Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. 2018/12/12 05:42:04 fuzzer started 2018/12/12 05:42:06 dialing manager at 10.128.0.26:34565 2018/12/12 05:42:07 syscalls: 1 2018/12/12 05:42:07 code coverage: enabled 2018/12/12 05:42:07 comparison tracing: enabled 2018/12/12 05:42:07 setuid sandbox: enabled 2018/12/12 05:42:07 namespace sandbox: enabled 2018/12/12 05:42:07 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/12 05:42:07 fault injection: enabled 2018/12/12 05:42:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/12 05:42:07 net packet injection: enabled 2018/12/12 05:42:07 net device setup: enabled 05:45:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f00000001c0), 0x12) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'], 0x1) [ 232.042734] IPVS: ftp: loaded support on port[0] = 21 05:45:16 executing program 1: r0 = socket$inet6(0xa, 0x10000080003, 0x1) recvmmsg(r0, &(0x7f0000006540)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/181, 0xb5}, 0x8}], 0x2, 0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x5) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) [ 232.314533] IPVS: ftp: loaded support on port[0] = 21 05:45:16 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20}, 0x1c) [ 232.671656] IPVS: ftp: loaded support on port[0] = 21 05:45:17 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) [ 233.189860] IPVS: ftp: loaded support on port[0] = 21 05:45:17 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6(0xa, 0x803, 0x3) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) ioctl$sock_inet_SIOCGIFNETMASK(r2, 0x891b, &(0x7f00000001c0)={'ip6gretap0\x00', {0x2, 0x4e23, @multicast1}}) ptrace$cont(0x7, r3, 0x7, 0x3) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='lp\x00', 0x3) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4) r4 = dup3(r2, r1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x7ff, 0x0, 0x3, 0x0, 0x9, 0xfc0}, 0x20) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, 0x0, 0x4f}, 0x100) write$binfmt_elf64(r2, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 233.610419] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.617055] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.636288] device bridge_slave_0 entered promiscuous mode [ 233.736384] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.767837] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.775830] device bridge_slave_1 entered promiscuous mode [ 233.880941] IPVS: ftp: loaded support on port[0] = 21 [ 233.916329] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.930104] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.937628] device bridge_slave_0 entered promiscuous mode [ 233.963742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 05:45:18 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioperm(0x0, 0x2, 0x0) ioperm(0x0, 0x3, 0x0) [ 234.130556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.137938] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.148488] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.165969] device bridge_slave_1 entered promiscuous mode [ 234.329137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 234.402920] IPVS: ftp: loaded support on port[0] = 21 [ 234.462512] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.530913] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.644073] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 234.838297] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.851120] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.858604] device bridge_slave_0 entered promiscuous mode [ 234.876914] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.952812] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.986043] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.993786] device bridge_slave_1 entered promiscuous mode [ 235.015055] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.131078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 235.138046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.178386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 235.273442] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.290646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.353573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 235.417209] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.440604] team0: Port device team_slave_0 added [ 235.534290] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.550286] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.576754] device bridge_slave_0 entered promiscuous mode [ 235.588790] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 235.600737] team0: Port device team_slave_1 added [ 235.686635] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.695984] team0: Port device team_slave_0 added [ 235.722106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.736802] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.743508] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.764714] device bridge_slave_1 entered promiscuous mode [ 235.792763] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 235.809071] team0: Port device team_slave_1 added [ 235.822536] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.861873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 235.876561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.948935] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.989106] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.999759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.009768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.044890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.067227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.116703] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.129310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 236.142938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.161002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.181859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.197531] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.257983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.269061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.286248] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.294168] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.302130] device bridge_slave_0 entered promiscuous mode [ 236.316580] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.326778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.378490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.407209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.415789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.445183] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.461036] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.481566] device bridge_slave_1 entered promiscuous mode [ 236.516965] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.530555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.538618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.583181] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.609648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 236.678101] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.765901] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.805112] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.815104] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.832374] device bridge_slave_0 entered promiscuous mode [ 236.851914] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.859379] team0: Port device team_slave_0 added [ 236.964047] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.987251] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.002036] device bridge_slave_1 entered promiscuous mode [ 237.014161] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.027400] team0: Port device team_slave_1 added [ 237.083095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 237.168270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.187929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.207639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.233477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 237.263484] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.293192] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.311197] team0: Port device team_slave_0 added [ 237.331062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.337976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.360950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.406883] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.428203] team0: Port device team_slave_1 added [ 237.461144] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.480272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.496411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.519071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.561647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.592110] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.599691] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 237.640954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.651273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.663476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.693476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.709006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.724538] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.735934] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.742483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.749600] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.756045] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.769162] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.794761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.817445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 237.831701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.869656] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.912009] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.920878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.931247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.042138] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.054640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.063386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.139107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.256370] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.262867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.269567] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.276027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.289173] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 238.299835] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.330897] team0: Port device team_slave_0 added [ 238.525489] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.539553] team0: Port device team_slave_1 added [ 238.553052] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.568964] team0: Port device team_slave_0 added [ 238.720555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 238.728685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.738138] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.748944] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.760857] team0: Port device team_slave_1 added [ 238.863505] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 238.881151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.892690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.929512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.046294] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 239.062822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.075479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.090823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.140709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.164936] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 239.180266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.196460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.227951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 239.258777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.268919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.301865] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 239.311861] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.318244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.324999] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.331425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.343243] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.352257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.383816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.528730] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.535202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.541951] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.548334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.566628] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.159308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.181208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.629212] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.635685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.642427] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.648837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.657875] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.672934] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.679332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.686069] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.692483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.708960] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 241.160048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.171985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 243.399153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.751880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.905112] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.252831] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.413308] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.421904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.435506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.747973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.830480] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.836673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.850753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.883987] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.088146] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.252138] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.409480] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.663964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.694457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.781270] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.787531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.795108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.946485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.191016] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 246.202016] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.208210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.220820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.263457] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.527892] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 246.620163] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.721000] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.727217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.736717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.998217] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 247.006177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.020873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.280869] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.480129] 8021q: adding VLAN 0 to HW filter on device team0 05:45:32 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/14, 0xe}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d80)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000080)={0x3}, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x1000)=nil) pkey_alloc(0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f00000000c0), 0x4) [ 248.870096] list_add corruption. next->prev should be prev (ffff8881ca5bc270), but was ffff8881d2cb2b70. (next=ffffffff8a1dca60). [ 248.882601] ------------[ cut here ]------------ [ 248.887386] kernel BUG at lib/list_debug.c:25! [ 248.892058] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 248.897434] CPU: 1 PID: 7557 Comm: syz-executor4 Not tainted 4.20.0-rc6-next-20181210+ #164 [ 248.905955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.915452] RIP: 0010:__list_add_valid.cold.2+0xf/0x2a [ 248.920746] Code: e5 80 88 e8 11 1f d2 fd 0f 0b 48 89 de 48 c7 c7 60 e5 80 88 e8 00 1f d2 fd 0f 0b 48 89 d9 48 c7 c7 20 e6 80 88 e8 ef 1e d2 fd <0f> 0b 48 89 f1 48 c7 c7 a0 e6 80 88 48 89 de e8 db 1e d2 fd 0f 0b [ 248.939685] RSP: 0018:ffff8881dad06dc0 EFLAGS: 00010286 [ 248.945084] RAX: 0000000000000075 RBX: ffffffff8a1dca60 RCX: 0000000000000000 [ 248.952377] RDX: 0000000000000000 RSI: ffffffff816621c5 RDI: 0000000000000005 [ 248.959653] RBP: ffff8881dad06dd8 R08: ffff8881c36b6000 R09: ffffed103b5a5020 [ 248.966944] R10: ffffed103b5a5020 R11: ffff8881dad28107 R12: ffff8881c92f4bb0 [ 248.974247] R13: ffff8881c92f4940 R14: ffffffff8a1dc820 R15: ffffffff8a1dcab0 [ 248.981528] FS: 0000000001fe8940(0000) GS:ffff8881dad00000(0000) knlGS:0000000000000000 [ 248.989779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.995673] CR2: 00000000004dca5b CR3: 00000001ce993000 CR4: 00000000001406e0 [ 249.003137] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 249.010426] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 249.017697] Call Trace: [ 249.020281] [ 249.022511] ___neigh_create+0x14b7/0x2600 [ 249.026768] ? neigh_remove_one+0x5a0/0x5a0 [ 249.031143] ? print_usage_bug+0xc0/0xc0 [ 249.035214] ? graph_lock+0x270/0x270 [ 249.039037] ? find_held_lock+0x36/0x1c0 [ 249.043204] ? ipv6_chk_mcast_addr+0x350/0x940 [ 249.047804] ? lock_downgrade+0x900/0x900 [ 249.051973] ? check_preemption_disabled+0x48/0x280 [ 249.057075] ? kasan_check_read+0x11/0x20 [ 249.061272] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 249.066565] ? lock_acquire+0x1ed/0x520 [ 249.070617] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.071542] kobject: 'loop2' (00000000f965b7d9): kobject_uevent_env [ 249.076183] ? check_preemption_disabled+0x48/0x280 [ 249.076221] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 249.093247] ? rcu_pm_notify+0xc0/0xc0 [ 249.097158] __neigh_create+0x30/0x40 [ 249.100005] kobject: 'loop2' (00000000f965b7d9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.101020] ip6_finish_output2+0xa64/0x2940 [ 249.114913] ? irq_exit+0x17f/0x1c0 [ 249.118559] ? find_held_lock+0x36/0x1c0 [ 249.122627] ? ip6_forward_finish+0x560/0x560 [ 249.127138] ? ip6_mtu+0x39c/0x520 [ 249.131212] ? lock_downgrade+0x900/0x900 [ 249.135375] ? check_preemption_disabled+0x48/0x280 [ 249.140421] ? kasan_check_read+0x11/0x20 [ 249.144579] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 249.149875] ? rcu_read_unlock_special+0x370/0x370 [ 249.154825] ? ip6_mtu+0x160/0x520 [ 249.158395] ? find_match+0x10a0/0x10a0 [ 249.162386] ? kasan_check_read+0x11/0x20 [ 249.166545] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 249.171833] ip6_finish_output+0x58c/0xc60 [ 249.176092] ? ip6_finish_output+0x58c/0xc60 [ 249.180507] ip6_output+0x232/0x9d0 [ 249.182298] kobject: 'loop2' (00000000f965b7d9): kobject_uevent_env [ 249.184142] ? ip6_finish_output+0xc60/0xc60 [ 249.184156] ? ip6_fragment+0x38b0/0x38b0 [ 249.184173] ? ip6_mtu_from_fib6+0x770/0x770 [ 249.195217] kobject: 'loop2' (00000000f965b7d9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.199133] mld_sendpack+0xad5/0xfa0 [ 249.199151] ? nf_hook.constprop.40+0x860/0x860 [ 249.221553] ? _raw_read_unlock_bh+0x30/0x40 [ 249.226005] ? trace_hardirqs_off_caller+0x310/0x310 [ 249.231125] ? __local_bh_enable_ip+0x160/0x260 [ 249.235811] mld_ifc_timer_expire+0x447/0x8a0 [ 249.240408] call_timer_fn+0x272/0x920 [ 249.244308] ? mld_dad_timer_expire+0x1b0/0x1b0 [ 249.248984] ? process_timeout+0x40/0x40 [ 249.253057] ? mark_held_locks+0xc7/0x130 [ 249.257216] ? _raw_spin_unlock_irq+0x27/0x80 [ 249.261725] ? _raw_spin_unlock_irq+0x27/0x80 [ 249.266258] ? mld_dad_timer_expire+0x1b0/0x1b0 [ 249.268154] kobject: 'loop2' (00000000f965b7d9): kobject_uevent_env [ 249.270941] ? lockdep_hardirqs_on+0x296/0x5b0 [ 249.270955] ? trace_hardirqs_on+0xbd/0x310 [ 249.270970] ? kasan_check_read+0x11/0x20 [ 249.270987] ? __run_timers+0x7da/0xc70 [ 249.277458] kobject: 'loop2' (00000000f965b7d9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.281962] ? trace_hardirqs_off_caller+0x310/0x310 [ 249.281980] ? mld_dad_timer_expire+0x1b0/0x1b0 [ 249.281991] __run_timers+0x7e5/0xc70 [ 249.282013] ? timer_fixup_init+0x70/0x70 [ 249.321548] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 249.326577] ? graph_lock+0x270/0x270 [ 249.330389] ? print_usage_bug+0xc0/0xc0 [ 249.334464] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 249.339665] ? find_held_lock+0x36/0x1c0 [ 249.343736] ? graph_lock+0x270/0x270 [ 249.347548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.353093] ? check_preemption_disabled+0x48/0x280 [ 249.358125] ? __lock_is_held+0xb5/0x140 [ 249.359558] kobject: 'loop2' (00000000f965b7d9): kobject_uevent_env [ 249.362197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.362212] ? check_preemption_disabled+0x48/0x280 [ 249.362229] run_timer_softirq+0x52/0xb0 [ 249.368665] kobject: 'loop2' (00000000f965b7d9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.374170] ? rcu_read_lock_sched_held+0x14f/0x180 [ 249.374186] __do_softirq+0x308/0xb7e [ 249.374203] ? ktime_get_raw_ts64+0x4d0/0x4d0 [ 249.405990] ? lock_downgrade+0x900/0x900 [ 249.410153] ? __irqentry_text_end+0x1f9658/0x1f9658 [ 249.415381] ? pvclock_read_flags+0x160/0x160 [ 249.418133] kobject: 'loop3' (00000000ec142cca): kobject_uevent_env [ 249.419973] ? lapic_next_event+0x5a/0x90 [ 249.419994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.436079] ? kvm_clock_read+0x18/0x30 [ 249.439039] kobject: 'loop3' (00000000ec142cca): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 249.440066] ? kvm_sched_clock_read+0x9/0x20 [ 249.440083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.440098] ? check_preemption_disabled+0x48/0x280 [ 249.440117] irq_exit+0x17f/0x1c0 [ 249.467960] smp_apic_timer_interrupt+0x1cb/0x760 [ 249.472812] ? smp_reschedule_interrupt+0x109/0x650 [ 249.477869] ? smp_call_function_single_interrupt+0x650/0x650 [ 249.483769] ? interrupt_entry+0xb5/0xc0 [ 249.487839] ? trace_hardirqs_off_caller+0xbb/0x310 [ 249.492879] ? trace_hardirqs_off_caller+0xbb/0x310 [ 249.497949] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 249.502804] ? trace_hardirqs_on_caller+0x310/0x310 [ 249.503497] kobject: 'loop2' (00000000f965b7d9): kobject_uevent_env [ 249.507836] ? trace_hardirqs_on_caller+0x310/0x310 [ 249.507940] ? task_prio+0x50/0x50 [ 249.507961] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.525467] kobject: 'loop2' (00000000f965b7d9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.528439] ? check_preemption_disabled+0x48/0x280 [ 249.528460] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 249.547772] apic_timer_interrupt+0xf/0x20 [ 249.552010] [ 249.554254] RIP: 0010:lock_acquire+0x268/0x520 [ 249.558838] Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 44 02 00 00 48 83 3d f7 2d 10 08 00 0f 84 c3 01 00 00 48 8b bd 20 ff ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 [ 249.571951] kobject: 'loop3' (00000000ec142cca): kobject_uevent_env [ 249.577750] RSP: 0018:ffff888185c16918 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 249.577764] RAX: dffffc0000000000 RBX: 1ffff11030b82d28 RCX: 0000000000000000 [ 249.577772] RDX: 1ffffffff12e4816 RSI: 0000000000000000 RDI: 0000000000000282 [ 249.577786] RBP: ffff888185c16a08 R08: ffff8881c36b68f0 R09: 0000000000000008 [ 249.613674] R10: 0000000000000050 R11: ffff8881c36b6000 R12: ffff8881c36b6000 05:45:33 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20}, 0x1c) 05:45:33 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20}, 0x1c) 05:45:33 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20}, 0x1c) 05:45:33 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) 05:45:33 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) 05:45:33 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) [ 249.616982] kobject: 'loop3' (00000000ec142cca): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 249.620946] R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000 [ 249.621065] ? should_fail+0x22d/0xd01 [ 249.621085] ? find_held_lock+0x36/0x1c0 [ 249.645783] ? lock_release+0xa00/0xa00 [ 249.649866] ? __unlock_page_memcg+0x53/0x100 [ 249.654382] ? lock_downgrade+0x900/0x900 [ 249.658547] ? check_preemption_disabled+0x48/0x280 [ 249.663576] lock_page_memcg+0x95/0x350 [ 249.667560] ? mem_cgroup_hierarchy_write+0x230/0x230 [ 249.672762] ? rcu_read_unlock_special+0x370/0x370 [ 249.677700] ? mem_cgroup_hierarchy_write+0x230/0x230 [ 249.679763] kobject: 'loop0' (00000000bcc32834): kobject_uevent_env [ 249.682901] ? graph_lock+0x270/0x270 [ 249.682993] page_remove_rmap+0x855/0x1a30 [ 249.683011] ? page_add_file_rmap+0x1470/0x1470 [ 249.689443] kobject: 'loop0' (00000000bcc32834): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 249.693204] ? __lock_is_held+0xb5/0x140 [ 249.693223] ? rcu_read_lock_sched_held+0x14f/0x180 05:45:33 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) connect$tipc(r1, &(0x7f00000001c0)=@id={0x1e, 0x3, 0x2, {0x4e20, 0x2}}, 0x10) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000000)={0x0, @multicast1, @multicast2}, &(0x7f0000000040)=0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200)) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='rpP_pipefs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x4000000003, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', r2}) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x80000001, 0x1, &(0x7f00000002c0)=[{&(0x7f00000000c0)="800000000400000019000000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x1014001, 0x0) 05:45:33 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) socket$inet6(0xa, 0x2, 0x0) 05:45:33 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) [ 249.693303] ? __alloc_pages_nodemask+0xb9c/0xec0 [ 249.693320] ? __alloc_pages_slowpath+0x2e00/0x2e00 [ 249.730562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 249.735328] ? graph_lock+0x270/0x270 [ 249.739162] ? kasan_check_read+0x11/0x20 [ 249.743403] ? page_mapcount+0x3b5/0x5d0 [ 249.747323] kobject: 'loop1' (0000000029eaa9a4): kobject_uevent_env [ 249.747480] ? fault_around_bytes_set+0x90/0x90 [ 249.755095] kobject: 'loop1' (0000000029eaa9a4): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 249.758554] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 249.758572] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 249.778556] ? _vm_normal_page+0x161/0x3c0 [ 249.782800] ? __pte_alloc_kernel+0x210/0x210 [ 249.787317] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 249.792343] ? __tlb_remove_page_size+0x187/0x500 [ 249.797226] unmap_page_range+0x11c7/0x2930 [ 249.801570] ? vm_normal_page_pmd+0x510/0x510 [ 249.804522] kobject: 'loop2' (00000000f965b7d9): kobject_uevent_env [ 249.806073] ? lock_release+0xa00/0xa00 [ 249.806094] ? perf_trace_sched_process_exec+0x860/0x860 [ 249.821676] kobject: 'loop2' (00000000f965b7d9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.821936] ? __lock_acquire+0x62f/0x4c20 [ 249.835625] ? __lock_acquire+0x62f/0x4c20 [ 249.837654] kobject: 'loop1' (0000000029eaa9a4): kobject_uevent_env [ 249.839875] ? print_usage_bug+0xc0/0xc0 [ 249.839894] ? graph_lock+0x270/0x270 [ 249.839951] ? __mutex_lock+0x85e/0x16f0 [ 249.839964] ? mark_held_locks+0x130/0x130 [ 249.840031] ? uprobe_clear_state+0xb4/0x390 [ 249.846505] kobject: 'loop1' (0000000029eaa9a4): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 249.850437] ? rcu_read_unlock_special+0x370/0x370 [ 249.850451] ? graph_lock+0x270/0x270 [ 249.850463] ? print_usage_bug+0xc0/0xc0 [ 249.850476] ? find_held_lock+0x36/0x1c0 [ 249.850493] ? find_held_lock+0x36/0x1c0 [ 249.850513] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 249.902736] ? uprobe_munmap+0x14c/0x450 [ 249.906794] ? uprobe_mmap+0x1130/0x1130 [ 249.910864] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 249.915966] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 249.921073] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 249.925657] ? pagevec_lru_move_fn+0x259/0x350 [ 249.930238] ? trace_hardirqs_off_caller+0x310/0x310 [ 249.935342] unmap_single_vma+0x19b/0x310 [ 249.939500] unmap_vmas+0x252/0x3d0 [ 249.943127] ? zap_vma_ptes+0x110/0x110 [ 249.947098] ? perf_trace_mm_lru_insertion+0x1490/0x1490 [ 249.952557] ? kasan_check_write+0x14/0x20 [ 249.956797] exit_mmap+0x2be/0x590 [ 249.960334] ? __ia32_sys_munmap+0x80/0x80 [ 249.964574] ? mutex_unlock+0xd/0x10 [ 249.968294] ? __might_sleep+0x95/0x190 [ 249.972326] mmput+0x247/0x610 [ 249.975533] ? lock_downgrade+0x900/0x900 [ 249.979688] ? set_mm_exe_file+0x200/0x200 [ 249.983929] ? kasan_check_write+0x14/0x20 [ 249.988163] ? up_read+0x225/0x2c0 [ 249.991788] ? do_raw_spin_trylock+0x270/0x270 [ 249.996376] ? up_read_non_owner+0x100/0x100 [ 250.000789] ? __down_interruptible+0x700/0x700 [ 250.005522] flush_old_exec+0xb91/0x21a0 [ 250.009619] ? ext4_file_read_iter+0x193/0x3c0 [ 250.014206] ? copy_strings_kernel+0x110/0x110 [ 250.018793] ? check_preemption_disabled+0x48/0x280 [ 250.023836] ? fsnotify_first_mark+0x350/0x350 [ 250.028430] ? __fsnotify_parent+0xcc/0x430 [ 250.032748] ? fsnotify+0xef0/0xef0 [ 250.036417] ? rw_verify_area+0x118/0x360 [ 250.040560] ? vfs_read+0x1ce/0x3e0 [ 250.044190] ? kernel_read+0xab/0x120 [ 250.048029] ? load_elf_phdrs+0x1cd/0x260 [ 250.052182] ? writenote+0x3d0/0x3d0 [ 250.055897] ? kernel_read+0xab/0x120 [ 250.059690] load_elf_binary+0xa39/0x5620 [ 250.063836] ? find_held_lock+0x36/0x1c0 [ 250.067927] ? notesize.isra.5+0x80/0x80 [ 250.071987] ? lock_downgrade+0x900/0x900 [ 250.076139] ? kasan_check_write+0x14/0x20 [ 250.080375] search_binary_handler+0x17d/0x570 [ 250.084958] __do_execve_file.isra.35+0x178c/0x2760 [ 250.089982] ? prepare_bprm_creds+0x120/0x120 [ 250.094474] ? __do_page_fault+0x65c/0xd70 [ 250.098701] ? __do_page_fault+0x402/0xd70 [ 250.102949] ? retint_kernel+0x2d/0x2d [ 250.106851] ? strncpy_from_user+0x191/0x5a0 [ 250.111263] ? strncpy_from_user+0x1a7/0x5a0 [ 250.115664] ? strncpy_from_user+0x1aa/0x5a0 [ 250.120067] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 250.125599] ? strncpy_from_user+0x411/0x5a0 [ 250.130412] ? digsig_verify+0x1530/0x1530 [ 250.134641] ? kmem_cache_alloc+0x33f/0x730 [ 250.138966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 250.144518] ? getname_flags+0x26e/0x590 [ 250.148576] ? trace_hardirqs_off_caller+0x310/0x310 [ 250.153678] __x64_sys_execve+0x8f/0xc0 [ 250.157657] do_syscall_64+0x1b9/0x820 [ 250.161568] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 250.166931] ? syscall_return_slowpath+0x5e0/0x5e0 [ 250.171865] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 250.176704] ? trace_hardirqs_on_caller+0x310/0x310 [ 250.181715] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 250.186725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 250.192259] ? prepare_exit_to_usermode+0x291/0x3b0 [ 250.197274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 250.202132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 250.207326] RIP: 0033:0x455f07 [ 250.210529] Code: Bad RIP value. [ 250.213889] RSP: 002b:00007fff581da708 EFLAGS: 00000207 ORIG_RAX: 000000000000003b [ 250.221590] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455f07 [ 250.228865] RDX: 00007fff581dae08 RSI: 00007fff581da740 RDI: 00000000004dca5b [ 250.236132] RBP: 00007fff581da8c0 R08: 0000000000000000 R09: 0000000000000020 [ 250.243397] R10: 0000000000000008 R11: 0000000000000207 R12: 00007fff581dab40 [ 250.250667] R13: 00007fff581daa68 R14: 0000000000000000 R15: 0000000000000000 [ 250.257942] Modules linked in: [ 250.261272] ---[ end trace fe38484bb80d96c8 ]--- [ 250.266061] RIP: 0010:__list_add_valid.cold.2+0xf/0x2a [ 250.271424] Code: e5 80 88 e8 11 1f d2 fd 0f 0b 48 89 de 48 c7 c7 60 e5 80 88 e8 00 1f d2 fd 0f 0b 48 89 d9 48 c7 c7 20 e6 80 88 e8 ef 1e d2 fd <0f> 0b 48 89 f1 48 c7 c7 a0 e6 80 88 48 89 de e8 db 1e d2 fd 0f 0b [ 250.290411] RSP: 0018:ffff8881dad06dc0 EFLAGS: 00010286 [ 250.295784] RAX: 0000000000000075 RBX: ffffffff8a1dca60 RCX: 0000000000000000 [ 250.303148] RDX: 0000000000000000 RSI: ffffffff816621c5 RDI: 0000000000000005 [ 250.306391] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 250.310461] RBP: ffff8881dad06dd8 R08: ffff8881c36b6000 R09: ffffed103b5a5020 [ 250.310470] R10: ffffed103b5a5020 R11: ffff8881dad28107 R12: ffff8881c92f4bb0 [ 250.310477] R13: ffff8881c92f4940 R14: ffffffff8a1dc820 R15: ffffffff8a1dcab0 [ 250.310489] FS: 0000000001fe8940(0000) GS:ffff8881dad00000(0000) knlGS:0000000000000000 [ 250.310497] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.310506] CR2: 0000000000455edd CR3: 00000001ce993000 CR4: 00000000001406e0 [ 250.310517] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 250.310525] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 250.310533] Kernel panic - not syncing: Fatal exception in interrupt [ 250.311579] Kernel Offset: disabled [ 250.388260] Rebooting in 86400 seconds..