Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. 2019/10/27 06:37:49 fuzzer started 2019/10/27 06:37:50 dialing manager at 10.128.0.26:34793 2019/10/27 06:37:51 syscalls: 2534 2019/10/27 06:37:51 code coverage: enabled 2019/10/27 06:37:51 comparison tracing: enabled 2019/10/27 06:37:51 extra coverage: extra coverage is not supported by the kernel 2019/10/27 06:37:51 setuid sandbox: enabled 2019/10/27 06:37:51 namespace sandbox: enabled 2019/10/27 06:37:51 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/27 06:37:51 fault injection: enabled 2019/10/27 06:37:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/27 06:37:51 net packet injection: enabled 2019/10/27 06:37:51 net device setup: enabled 2019/10/27 06:37:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 06:40:03 executing program 0: 06:40:03 executing program 1: syzkaller login: [ 201.762234][ T8720] IPVS: ftp: loaded support on port[0] = 21 [ 201.931006][ T8720] chnl_net:caif_netlink_parms(): no params data found [ 201.949065][ T8723] IPVS: ftp: loaded support on port[0] = 21 [ 202.024991][ T8720] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.033734][ T8720] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.042704][ T8720] device bridge_slave_0 entered promiscuous mode [ 202.060046][ T8720] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.067627][ T8720] bridge0: port 2(bridge_slave_1) entered disabled state 06:40:04 executing program 2: [ 202.075685][ T8720] device bridge_slave_1 entered promiscuous mode [ 202.143637][ T8720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.159432][ T8723] chnl_net:caif_netlink_parms(): no params data found [ 202.189045][ T8720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.259315][ T8723] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.266406][ T8723] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.287725][ T8723] device bridge_slave_0 entered promiscuous mode [ 202.297496][ T8720] team0: Port device team_slave_0 added [ 202.305208][ T8720] team0: Port device team_slave_1 added [ 202.311547][ T8723] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.319157][ T8723] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.329985][ T8723] device bridge_slave_1 entered promiscuous mode [ 202.350184][ T8726] IPVS: ftp: loaded support on port[0] = 21 [ 202.370491][ T8723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 06:40:04 executing program 3: [ 202.459615][ T8720] device hsr_slave_0 entered promiscuous mode [ 202.499007][ T8720] device hsr_slave_1 entered promiscuous mode [ 202.542599][ T8723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.606677][ T8723] team0: Port device team_slave_0 added [ 202.640424][ T8723] team0: Port device team_slave_1 added 06:40:04 executing program 4: [ 202.670068][ T8728] IPVS: ftp: loaded support on port[0] = 21 [ 202.742412][ T8723] device hsr_slave_0 entered promiscuous mode [ 202.788969][ T8723] device hsr_slave_1 entered promiscuous mode [ 202.828730][ T8723] debugfs: Directory 'hsr0' with parent '/' already present! [ 202.855151][ T8720] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.862467][ T8720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.870448][ T8720] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.877606][ T8720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.943066][ T8730] IPVS: ftp: loaded support on port[0] = 21 06:40:05 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x80000036) unshare(0x20400) fcntl$notify(r0, 0x402, 0x2) [ 202.983707][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.996556][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.056076][ T8726] chnl_net:caif_netlink_parms(): no params data found [ 203.146231][ T8726] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.154490][ T8726] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.163197][ T8726] device bridge_slave_0 entered promiscuous mode [ 203.174220][ T8726] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.181653][ T8726] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.189818][ T8726] device bridge_slave_1 entered promiscuous mode [ 203.214585][ T8734] IPVS: ftp: loaded support on port[0] = 21 [ 203.305070][ T8726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.324272][ T8720] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.340219][ T8728] chnl_net:caif_netlink_parms(): no params data found [ 203.356255][ T8726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.379540][ T8720] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.403214][ T8726] team0: Port device team_slave_0 added [ 203.411619][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.421024][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.478355][ T8726] team0: Port device team_slave_1 added [ 203.484530][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.493656][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.502389][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.509496][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.518279][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.527176][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.535536][ T3022] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.542640][ T3022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.550183][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.591182][ T8728] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.598408][ T8728] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.606081][ T8728] device bridge_slave_0 entered promiscuous mode [ 203.614487][ T8728] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.621792][ T8728] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.630063][ T8728] device bridge_slave_1 entered promiscuous mode [ 203.642926][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.651925][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.660644][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.693384][ T8734] chnl_net:caif_netlink_parms(): no params data found [ 203.716391][ T8728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.729658][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.738567][ T8730] chnl_net:caif_netlink_parms(): no params data found [ 203.820079][ T8726] device hsr_slave_0 entered promiscuous mode [ 203.856991][ T8726] device hsr_slave_1 entered promiscuous mode [ 203.896640][ T8726] debugfs: Directory 'hsr0' with parent '/' already present! [ 203.905565][ T8728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.920242][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.929985][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.943908][ T8720] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 203.955111][ T8720] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.001242][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.010773][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.019619][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.028363][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.062091][ T8728] team0: Port device team_slave_0 added [ 204.070226][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.083143][ T8720] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.107325][ T8734] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.114424][ T8734] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.123142][ T8734] device bridge_slave_0 entered promiscuous mode [ 204.132492][ T8728] team0: Port device team_slave_1 added [ 204.159693][ T8734] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.166936][ T8734] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.174939][ T8734] device bridge_slave_1 entered promiscuous mode [ 204.239901][ T8728] device hsr_slave_0 entered promiscuous mode [ 204.267134][ T8728] device hsr_slave_1 entered promiscuous mode [ 204.306941][ T8728] debugfs: Directory 'hsr0' with parent '/' already present! [ 204.315274][ T8730] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.322808][ T8730] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.330909][ T8730] device bridge_slave_0 entered promiscuous mode [ 204.340436][ T8723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.364530][ T8734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.383396][ T8730] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.394061][ T8730] bridge0: port 2(bridge_slave_1) entered disabled state 06:40:06 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000112a7b0000000000000000000000000300000000200000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000002000000000000000ffffff7f000000000000000000000000000000feffffff01000000110000000900000000ff00000000000000134ac9e8b83246c800ba680000000000000000000000000001000000000000000000000000100001010100e1c90fed90ac00000000a85f001a4b000000000000000504000000000000000000020000000000007000000070000000a000000041554449540000000000000000000004000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) [ 204.412612][ T8730] device bridge_slave_1 entered promiscuous mode 06:40:06 executing program 0: [ 204.443133][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.457547][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 06:40:06 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000680)={0x6, 0x4, 0x200, 0x80000000000004, 0x0, 0x0}, 0x3c) r0 = syz_open_procfs(0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x2, 0x3f, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x8) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000740)) mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x80) keyctl$describe(0x6, 0x0, &(0x7f0000000300)=""/187, 0xbb) syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00') getsockopt$inet_mreqn(r1, 0x0, 0x23, 0x0, &(0x7f0000000400)) getcwd(&(0x7f0000000580)=""/237, 0xed) getsockname$packet(r0, &(0x7f0000000a00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000a40)=0x14) accept$packet(0xffffffffffffffff, &(0x7f0000000a80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000ac0)=0x14) getsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000b00)={@dev}, &(0x7f0000000700)=0xfffffe59) lsetxattr$system_posix_acl(&(0x7f00000002c0)='./file0\x00', 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="1a8316fd2a3e1ea8db4acff7c1baa4ff4a97a91905ff354400000000fac2e92c30bda02651eb3d107fd443c1556e743817f3f90dfea2ad7760b183d2390aeedcd2a19807bd17e41a2a277f4504c0f19e672d96c100800001008da0527622b9e028ed1d2ff60983468c9f2c9e2b4076b3565e3f36b3b82beb69443c4bd86e33c8f54c8aa2250e433320df1f36140f556eb031bb726dd9db2823198672aa51ee91c96af07c4726ce1c52e04be8cb3ba80a8b070d58a3152899d34cf922896f3790dec8b8708f5e62f76cc2c2cc8d179f24bfaf0600f500000000004f00000000000000006e97b0dffb0e026c2094d6e17a163cbfeb32cabdd4d4a6070000000000000081f8ae8ca1415f627b764b47c4f461416425cb4b5fb0ff0f000000000000e759932eb83db017dd896cb8f02c38749f46673caed649687d38fa278800fabf53c60ff7a61d3eea418be986a9f66493f00a795a7971537aa6d4edd028021f45993ea7bda02672ed1735ded7a9b8cd6d25e34389ad725ac275f7bfefffb231b3eb559a22ed14e4f6b9c91a836ba4d870e33dd198c23df138d0ca2d3c7252f0ea79d8511b724d13598e0959d2b798e6e17d5fcd07cfdaad9777ad2c19f3b812ed63f5d84aa12e48b9104b1fdc5d30abf2f6adda629d27f68aa2d266719cae18cd9605dccb5fd9b64835b756774f7bfeac095e028bdf2b5cb24d9a7b0e77e70b093c40f74e3c03", @ANYRES32=0x0, @ANYBLOB="90098f6a07fb04668f128bfca96e6549ce560b34c8980c9e0a76bfa3"], 0x3, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) clone(0x808100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) semop(0x0, &(0x7f00000000c0)=[{0x0, 0x9}, {}], 0x2) [ 204.508229][ T8723] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.523123][ T8734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.573963][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.583603][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.592703][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.599835][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.608099][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 06:40:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r1, 0x23f, 0x0, 0x0, {{}, 0x0, 0x410c, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) [ 204.617481][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.625917][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.633033][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.643113][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.691761][ T8734] team0: Port device team_slave_0 added [ 204.701404][ T8730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.713357][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.722362][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.731643][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.740584][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.749940][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.767827][ T8734] team0: Port device team_slave_1 added [ 204.774838][ T8730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.823971][ T8730] team0: Port device team_slave_0 added [ 204.841404][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.850422][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.865543][ T8723] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 204.876399][ T8723] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.928833][ T8734] device hsr_slave_0 entered promiscuous mode [ 204.976989][ T8734] device hsr_slave_1 entered promiscuous mode [ 205.016672][ T8734] debugfs: Directory 'hsr0' with parent '/' already present! 06:40:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r1, 0x23f, 0x0, 0x0, {{}, 0x0, 0x410c, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) [ 205.043244][ T8730] team0: Port device team_slave_1 added [ 205.067232][ T8746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.075718][ T8746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.085742][ T8746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.123706][ T8746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.132918][ T8746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 06:40:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000001c0)={0x0, 0x400300, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r1, 0x23f, 0x0, 0x0, {{}, 0x0, 0x410c, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) [ 205.180193][ T8726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.291486][ T8730] device hsr_slave_0 entered promiscuous mode [ 205.336964][ T8730] device hsr_slave_1 entered promiscuous mode [ 205.376593][ T8730] debugfs: Directory 'hsr0' with parent '/' already present! [ 205.389121][ T8723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.427970][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 06:40:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000001c0)={0x0, 0x400300, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r1, 0x23f, 0x0, 0x0, {{}, 0x0, 0x410c, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) [ 205.438710][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.475288][ T8726] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.526108][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.543465][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.552500][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.559605][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.568453][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.609530][ T8736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.619525][ T8736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.630233][ T8736] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.637368][ T8736] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.645423][ T8736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.670485][ T8728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.701594][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.710876][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.720442][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.729170][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.748668][ T8734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.771649][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.798811][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.812885][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 06:40:07 executing program 1: unshare(0x20400) r0 = io_uring_setup(0x40000000e, &(0x7f00000005c0)={0x0, 0x0, 0x1, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 205.822064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.838697][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.851820][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.876824][ T8736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.888240][ T8779] ================================================================== [ 205.896498][ T8779] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 205.897310][ T8736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.903778][ T8779] Write of size 8 at addr 0000000000000004 by task syz-executor.1/8779 [ 205.903788][ T8779] [ 205.903803][ T8779] CPU: 0 PID: 8779 Comm: syz-executor.1 Not tainted 5.4.0-rc4-next-20191025 #0 [ 205.903810][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.903821][ T8779] Call Trace: [ 205.943813][ T8779] dump_stack+0x172/0x1f0 [ 205.948131][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 205.953055][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 205.957992][ T8779] __kasan_report.cold+0x5/0x41 [ 205.962845][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 205.967775][ T8779] kasan_report+0x12/0x20 [ 205.972113][ T8779] check_memory_region+0x134/0x1a0 [ 205.977212][ T8779] __kasan_check_write+0x14/0x20 [ 205.982131][ T8779] io_wq_cancel_all+0x28/0x2a0 [ 205.986881][ T8779] io_ring_ctx_wait_and_kill+0x1e2/0x710 [ 205.992504][ T8779] io_uring_release+0x42/0x50 [ 205.997167][ T8779] __fput+0x2ff/0x890 [ 206.001133][ T8779] ? io_ring_ctx_wait_and_kill+0x710/0x710 [ 206.006925][ T8779] ____fput+0x16/0x20 [ 206.010889][ T8779] task_work_run+0x145/0x1c0 [ 206.015467][ T8779] do_exit+0x904/0x2e60 [ 206.019615][ T8779] ? find_held_lock+0x35/0x130 [ 206.024383][ T8779] ? mm_update_next_owner+0x640/0x640 [ 206.029764][ T8779] ? lock_downgrade+0x920/0x920 [ 206.034616][ T8779] ? _raw_spin_unlock_irq+0x23/0x80 [ 206.039810][ T8779] ? get_signal+0x392/0x24f0 [ 206.044411][ T8779] ? _raw_spin_unlock_irq+0x23/0x80 [ 206.049596][ T8779] do_group_exit+0x135/0x360 [ 206.054265][ T8779] get_signal+0x47c/0x24f0 [ 206.058680][ T8779] do_signal+0x87/0x1700 [ 206.062908][ T8779] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.069136][ T8779] ? io_uring_setup+0xe88/0x1b80 [ 206.074098][ T8779] ? setup_sigcontext+0x7d0/0x7d0 [ 206.079120][ T8779] ? io_uring_release+0x50/0x50 [ 206.083962][ T8779] ? nsecs_to_jiffies+0x30/0x30 [ 206.088804][ T8779] ? exit_to_usermode_loop+0x43/0x380 [ 206.094166][ T8779] ? do_syscall_64+0x65f/0x760 [ 206.098911][ T8779] ? exit_to_usermode_loop+0x43/0x380 [ 206.104271][ T8779] ? lockdep_hardirqs_on+0x421/0x5e0 [ 206.109537][ T8779] ? trace_hardirqs_on+0x67/0x240 [ 206.114552][ T8779] exit_to_usermode_loop+0x286/0x380 [ 206.119824][ T8779] do_syscall_64+0x65f/0x760 [ 206.124403][ T8779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.130283][ T8779] RIP: 0033:0x459f39 [ 206.134220][ T8779] Code: Bad RIP value. [ 206.138269][ T8779] RSP: 002b:00007f063db51c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 206.146678][ T8779] RAX: 0000000000000004 RBX: 0000000000000002 RCX: 0000000000459f39 [ 206.154633][ T8779] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 000000040000000e [ 206.162588][ T8779] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 206.170560][ T8779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f063db526d4 [ 206.178523][ T8779] R13: 00000000004c1512 R14: 00000000004d4da8 R15: 00000000ffffffff [ 206.186494][ T8779] ================================================================== [ 206.194535][ T8779] Disabling lock debugging due to kernel taint [ 206.204820][ T8726] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 206.217512][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 206.220170][ T8779] Kernel panic - not syncing: panic_on_warn set ... [ 206.226945][ T8728] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.231254][ T8779] CPU: 1 PID: 8779 Comm: syz-executor.1 Tainted: G B 5.4.0-rc4-next-20191025 #0 [ 206.248236][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.254068][ T8728] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 206.258301][ T8779] Call Trace: [ 206.258319][ T8779] dump_stack+0x172/0x1f0 [ 206.258331][ T8779] panic+0x2e3/0x75c [ 206.258348][ T8779] ? add_taint.cold+0x16/0x16 [ 206.268715][ T8728] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 206.271974][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 206.286907][ T8728] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.295137][ T8779] ? preempt_schedule+0x4b/0x60 [ 206.300136][ T8728] kobject: 'vlan0' (00000000cbef9831): kobject_add_internal: parent: 'mesh', set: '' [ 206.306789][ T8779] ? ___preempt_schedule+0x16/0x18 [ 206.306806][ T8779] ? trace_hardirqs_on+0x5e/0x240 [ 206.331961][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 206.336907][ T8779] end_report+0x47/0x4f [ 206.341068][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 206.346008][ T8779] __kasan_report.cold+0xe/0x41 [ 206.350847][ T8779] ? io_wq_cancel_all+0x28/0x2a0 [ 206.355762][ T8779] kasan_report+0x12/0x20 [ 206.360107][ T8779] check_memory_region+0x134/0x1a0 [ 206.365250][ T8779] __kasan_check_write+0x14/0x20 [ 206.370165][ T8779] io_wq_cancel_all+0x28/0x2a0 [ 206.374903][ T8779] io_ring_ctx_wait_and_kill+0x1e2/0x710 [ 206.380563][ T8779] io_uring_release+0x42/0x50 [ 206.385348][ T8779] __fput+0x2ff/0x890 [ 206.389337][ T8779] ? io_ring_ctx_wait_and_kill+0x710/0x710 [ 206.395125][ T8779] ____fput+0x16/0x20 [ 206.399095][ T8779] task_work_run+0x145/0x1c0 [ 206.403664][ T8779] do_exit+0x904/0x2e60 [ 206.407799][ T8779] ? find_held_lock+0x35/0x130 [ 206.412540][ T8779] ? mm_update_next_owner+0x640/0x640 [ 206.417927][ T8779] ? lock_downgrade+0x920/0x920 [ 206.422766][ T8779] ? _raw_spin_unlock_irq+0x23/0x80 [ 206.427942][ T8779] ? get_signal+0x392/0x24f0 [ 206.432507][ T8779] ? _raw_spin_unlock_irq+0x23/0x80 [ 206.437684][ T8779] do_group_exit+0x135/0x360 [ 206.442251][ T8779] get_signal+0x47c/0x24f0 [ 206.446648][ T8779] do_signal+0x87/0x1700 [ 206.450869][ T8779] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.457086][ T8779] ? io_uring_setup+0xe88/0x1b80 [ 206.462001][ T8779] ? setup_sigcontext+0x7d0/0x7d0 [ 206.467001][ T8779] ? io_uring_release+0x50/0x50 [ 206.471827][ T8779] ? nsecs_to_jiffies+0x30/0x30 [ 206.476657][ T8779] ? exit_to_usermode_loop+0x43/0x380 [ 206.482006][ T8779] ? do_syscall_64+0x65f/0x760 [ 206.486762][ T8779] ? exit_to_usermode_loop+0x43/0x380 [ 206.492113][ T8779] ? lockdep_hardirqs_on+0x421/0x5e0 [ 206.497372][ T8779] ? trace_hardirqs_on+0x67/0x240 [ 206.502459][ T8779] exit_to_usermode_loop+0x286/0x380 [ 206.507729][ T8779] do_syscall_64+0x65f/0x760 [ 206.512296][ T8779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.518162][ T8779] RIP: 0033:0x459f39 [ 206.522040][ T8779] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.542762][ T8779] RSP: 002b:00007f063db51c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 206.551247][ T8779] RAX: 0000000000000004 RBX: 0000000000000002 RCX: 0000000000459f39 [ 206.559196][ T8779] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 000000040000000e [ 206.567199][ T8779] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 206.575158][ T8779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f063db526d4 [ 206.583120][ T8779] R13: 00000000004c1512 R14: 00000000004d4da8 R15: 00000000ffffffff [ 206.592431][ T8779] Kernel Offset: disabled [ 206.596776][ T8779] Rebooting in 86400 seconds..