[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 68.008118][ T26] audit: type=1800 audit(1576105610.161:25): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 68.027944][ T26] audit: type=1800 audit(1576105610.161:26): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 68.078315][ T26] audit: type=1800 audit(1576105610.171:27): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. 2019/12/11 23:06:59 fuzzer started 2019/12/11 23:07:01 dialing manager at 10.128.0.26:33577 2019/12/11 23:07:01 syscalls: 2701 2019/12/11 23:07:01 code coverage: enabled 2019/12/11 23:07:01 comparison tracing: enabled 2019/12/11 23:07:01 extra coverage: enabled 2019/12/11 23:07:01 setuid sandbox: enabled 2019/12/11 23:07:01 namespace sandbox: enabled 2019/12/11 23:07:01 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/11 23:07:01 fault injection: enabled 2019/12/11 23:07:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/11 23:07:01 net packet injection: enabled 2019/12/11 23:07:01 net device setup: enabled 2019/12/11 23:07:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/11 23:07:01 devlink PCI setup: PCI device 0000:00:10.0 is not available 23:08:58 executing program 0: r0 = gettid() syncfs(0xffffffffffffffff) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, 0x0) r1 = eventfd2(0x0, 0x0) fallocate(r1, 0x0, 0x0, 0x9) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000000)={0xdd, 0xe1, 0x0, 0x9, 0x3}) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffa000/0x3000)=nil) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000100)={@loopback}, 0x14) tkill(r0, 0x1000000000015) 23:08:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_VLAN_STATS_ENABLED={0x8, 0x29, 0xff}]}}}]}, 0x3c}}, 0x0) syzkaller login: [ 196.510704][ T9063] IPVS: ftp: loaded support on port[0] = 21 [ 196.727263][ T9066] IPVS: ftp: loaded support on port[0] = 21 [ 196.727641][ T9063] chnl_net:caif_netlink_parms(): no params data found 23:08:59 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f00000000c0)={0x2, 0xf, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast2, @in=@local}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa8}}, 0x0) [ 196.801394][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.810304][ T9063] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.820001][ T9063] device bridge_slave_0 entered promiscuous mode [ 196.832876][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.841884][ T9063] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.860685][ T9063] device bridge_slave_1 entered promiscuous mode [ 196.934579][ T9063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.965515][ T9063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.012716][ T9063] team0: Port device team_slave_0 added [ 197.022555][ T9063] team0: Port device team_slave_1 added [ 197.058491][ T9068] IPVS: ftp: loaded support on port[0] = 21 23:08:59 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) ptrace(0x4207, 0xffffffffffffffff) [ 197.107776][ T9063] device hsr_slave_0 entered promiscuous mode [ 197.225911][ T9063] device hsr_slave_1 entered promiscuous mode 23:08:59 executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair(0x0, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pwrite64(r0, 0x0, 0x0, 0x0) [ 197.379834][ T9071] IPVS: ftp: loaded support on port[0] = 21 [ 197.452069][ T9066] chnl_net:caif_netlink_parms(): no params data found [ 197.547501][ T9063] netdevsim netdevsim0 netdevsim0: renamed from eth0 23:08:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfffff000}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x400000000000000}, 0x0) [ 197.614872][ T9063] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 197.715663][ T9063] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 197.766475][ T9063] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 197.831280][ T9066] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.839857][ T9066] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.848685][ T9066] device bridge_slave_0 entered promiscuous mode [ 197.869338][ T9076] IPVS: ftp: loaded support on port[0] = 21 [ 197.871376][ T9075] IPVS: ftp: loaded support on port[0] = 21 [ 197.926107][ T9066] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.933691][ T9066] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.941355][ T9066] device bridge_slave_1 entered promiscuous mode [ 198.010202][ T9066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.023672][ T9066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.037241][ T9068] chnl_net:caif_netlink_parms(): no params data found [ 198.088358][ T9066] team0: Port device team_slave_0 added [ 198.094498][ T9071] chnl_net:caif_netlink_parms(): no params data found [ 198.106256][ T9066] team0: Port device team_slave_1 added [ 198.226683][ T9066] device hsr_slave_0 entered promiscuous mode [ 198.263861][ T9066] device hsr_slave_1 entered promiscuous mode [ 198.303552][ T9066] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.336732][ T9068] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.344664][ T9068] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.354353][ T9068] device bridge_slave_0 entered promiscuous mode [ 198.376168][ T9071] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.384509][ T9071] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.392501][ T9071] device bridge_slave_0 entered promiscuous mode [ 198.402445][ T9071] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.409749][ T9071] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.417717][ T9071] device bridge_slave_1 entered promiscuous mode [ 198.425034][ T9068] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.432126][ T9068] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.442758][ T9068] device bridge_slave_1 entered promiscuous mode [ 198.508722][ T9068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.520437][ T9068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.549876][ T9068] team0: Port device team_slave_0 added [ 198.561708][ T9071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.609313][ T9076] chnl_net:caif_netlink_parms(): no params data found [ 198.621307][ T9068] team0: Port device team_slave_1 added [ 198.628632][ T9071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.655342][ T9071] team0: Port device team_slave_0 added [ 198.673120][ T9071] team0: Port device team_slave_1 added [ 198.687764][ T9075] chnl_net:caif_netlink_parms(): no params data found [ 198.788196][ T9071] device hsr_slave_0 entered promiscuous mode [ 198.843804][ T9071] device hsr_slave_1 entered promiscuous mode [ 198.883667][ T9071] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.895422][ T9066] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 198.945867][ T9066] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 199.045741][ T9066] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 199.136876][ T9068] device hsr_slave_0 entered promiscuous mode [ 199.193852][ T9068] device hsr_slave_1 entered promiscuous mode [ 199.243553][ T9068] debugfs: Directory 'hsr0' with parent '/' already present! [ 199.261292][ T9075] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.275376][ T9075] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.283249][ T9075] device bridge_slave_0 entered promiscuous mode [ 199.292145][ T9075] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.299385][ T9075] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.307721][ T9075] device bridge_slave_1 entered promiscuous mode [ 199.314856][ T9066] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 199.412003][ T9075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.427236][ T9076] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.435237][ T9076] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.443082][ T9076] device bridge_slave_0 entered promiscuous mode [ 199.451807][ T9076] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.459029][ T9076] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.467155][ T9076] device bridge_slave_1 entered promiscuous mode [ 199.491688][ T9075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.515817][ T9063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.539077][ T9071] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 199.580107][ T9071] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 199.659992][ T9068] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 199.708698][ T9075] team0: Port device team_slave_0 added [ 199.714922][ T9071] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 199.766186][ T9071] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 199.820945][ T9076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.833473][ T9075] team0: Port device team_slave_1 added [ 199.839726][ T9068] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 199.885760][ T9063] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.901383][ T9076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.915216][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.924229][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.933031][ T9068] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 199.997336][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.007137][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.016495][ T3701] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.024046][ T3701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.032104][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.041320][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.049857][ T3701] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.056970][ T3701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.066458][ T9068] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 200.176882][ T9075] device hsr_slave_0 entered promiscuous mode [ 200.244401][ T9075] device hsr_slave_1 entered promiscuous mode [ 200.283574][ T9075] debugfs: Directory 'hsr0' with parent '/' already present! [ 200.299572][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.307957][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.317193][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.353078][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.362716][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.372319][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.382943][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.392093][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.401695][ T9076] team0: Port device team_slave_0 added [ 200.413184][ T9076] team0: Port device team_slave_1 added [ 200.452203][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.461586][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.471147][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.479874][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.495826][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.517945][ T9066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.566918][ T9076] device hsr_slave_0 entered promiscuous mode [ 200.613801][ T9076] device hsr_slave_1 entered promiscuous mode [ 200.653561][ T9076] debugfs: Directory 'hsr0' with parent '/' already present! [ 200.682456][ T9075] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 200.730061][ T9075] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 200.795708][ T9075] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 200.841341][ T9066] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.860731][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 200.868814][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 200.876762][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.884631][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.895708][ T9075] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 200.957675][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.967393][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.978930][ T9074] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.986054][ T9074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.008249][ T9063] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.032111][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.040350][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.049344][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.059505][ T3701] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.066625][ T3701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.075705][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.106873][ T9076] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 201.146430][ T9076] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 201.197221][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.215100][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.224667][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.236459][ T9068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.259255][ T9076] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 201.320937][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.334096][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.342980][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.353185][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.369564][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.378519][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.387215][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.398029][ T9071] 8021q: adding VLAN 0 to HW filter on device bond0 23:09:03 executing program 0: [ 201.417524][ T9076] netdevsim netdevsim5 netdevsim3: renamed from eth3 23:09:03 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f0000000080)="1f0000000104ff00fd4354c7071100def205010008000100017ca5d59e950f", 0x1f) write(r1, &(0x7f0000000000)="1f0000000104fffffd3b54c007110006f30501000b000200000010d10200cf", 0x1f) [ 201.492576][ T9071] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.528419][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.539482][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.551978][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.562391][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.576613][ T9066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.596472][ T9090] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 201.616902][ T9068] 8021q: adding VLAN 0 to HW filter on device team0 23:09:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x4, 0xffffffffffffffff}) dup3(r0, r2, 0x0) [ 201.654423][ T9066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.676354][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.687256][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.696675][ T2735] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.703814][ T2735] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.711714][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.722165][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.731344][ T2735] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.738500][ T2735] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.750302][ T9093] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 201.751845][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.780716][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.816087][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.824234][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.843507][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.852239][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.870124][ T9092] list_del corruption. prev->next should be ffff8880902a3970, but was ffff88821b84e930 [ 201.880856][ T9092] ------------[ cut here ]------------ [ 201.886688][ T9092] kernel BUG at lib/list_debug.c:51! [ 201.892070][ T9092] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 201.901963][ T9092] CPU: 1 PID: 9092 Comm: syz-executor.0 Not tainted 5.5.0-rc1-next-20191211-syzkaller #0 [ 201.911745][ T9092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.921801][ T9092] RIP: 0010:__list_del_entry_valid.cold+0xf/0x4f [ 201.928124][ T9092] Code: e8 c9 00 cb fd 0f 0b 48 89 f1 48 c7 c7 c0 10 70 88 4c 89 e6 e8 b5 00 cb fd 0f 0b 4c 89 f6 48 c7 c7 60 12 70 88 e8 a4 00 cb fd <0f> 0b 4c 89 ea 4c 89 f6 48 c7 c7 a0 11 70 88 e8 90 00 cb fd 0f 0b [ 201.948991][ T9092] RSP: 0018:ffffc90002407c00 EFLAGS: 00010282 [ 201.955220][ T9092] RAX: 0000000000000054 RBX: ffff88821b84b160 RCX: 0000000000000000 [ 201.963221][ T9092] RDX: 0000000000000000 RSI: ffffffff815e8576 RDI: fffff52000480f72 [ 201.971289][ T9092] RBP: ffffc90002407c18 R08: 0000000000000054 R09: ffffed1015d26621 [ 201.980970][ T9092] R10: ffffed1015d26620 R11: ffff8880ae933107 R12: ffff88821b84b260 [ 201.989179][ T9092] R13: ffff88821b84e930 R14: ffff8880902a3970 R15: ffff8880902a3970 [ 201.997326][ T9092] FS: 0000000001376940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 202.006641][ T9092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.013327][ T9092] CR2: 0000001b32223000 CR3: 00000000a8dc9000 CR4: 00000000001426e0 [ 202.021715][ T9092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 202.029773][ T9092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 202.037749][ T9092] Call Trace: [ 202.041030][ T9092] __dentry_kill+0x1fd/0x600 [ 202.045701][ T9092] ? dput+0x38/0xe10 [ 202.049577][ T9092] ? dput+0x38/0xe10 [ 202.053460][ T9092] dput+0x62f/0xe10 [ 202.057264][ T9092] simple_recursive_removal+0x5bc/0x6d0 [ 202.062792][ T9092] ? debugfs_rename+0x7f0/0x7f0 [ 202.067631][ T9092] debugfs_remove+0x5e/0x80 [ 202.072217][ T9092] kvm_put_kvm+0x136/0xcc0 [ 202.076639][ T9092] ? kvm_irqfd_release+0xe2/0x120 [ 202.081662][ T9092] ? kvm_irqfd_release+0xe2/0x120 [ 202.086668][ T9092] kvm_vm_release+0x44/0x60 [ 202.091150][ T9092] __fput+0x2ff/0x890 [ 202.095125][ T9092] ? kvm_dev_ioctl+0x17d0/0x17d0 [ 202.100053][ T9092] ____fput+0x16/0x20 [ 202.104024][ T9092] task_work_run+0x145/0x1c0 [ 202.108706][ T9092] exit_to_usermode_loop+0x316/0x380 [ 202.114068][ T9092] do_syscall_64+0x676/0x790 [ 202.118653][ T9092] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.124538][ T9092] RIP: 0033:0x4143e1 [ 202.129158][ T9092] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 202.148946][ T9092] RSP: 002b:00007ffcd4d19270 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 202.157360][ T9092] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004143e1 [ 202.165611][ T9092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 202.173574][ T9092] RBP: 0000000000000001 R08: 000000003560b3b2 R09: 000000003560b3b6 [ 202.181538][ T9092] R10: 00007ffcd4d19350 R11: 0000000000000293 R12: 000000000075c9a0 [ 202.189497][ T9092] R13: 000000000075c9a0 R14: 00000000007602c8 R15: 000000000075bfd4 [ 202.197453][ T9092] Modules linked in: [ 202.201377][ T9092] ---[ end trace 2060af44561f5be8 ]--- [ 202.206860][ T9092] RIP: 0010:__list_del_entry_valid.cold+0xf/0x4f [ 202.213179][ T9092] Code: e8 c9 00 cb fd 0f 0b 48 89 f1 48 c7 c7 c0 10 70 88 4c 89 e6 e8 b5 00 cb fd 0f 0b 4c 89 f6 48 c7 c7 60 12 70 88 e8 a4 00 cb fd <0f> 0b 4c 89 ea 4c 89 f6 48 c7 c7 a0 11 70 88 e8 90 00 cb fd 0f 0b [ 202.232931][ T9092] RSP: 0018:ffffc90002407c00 EFLAGS: 00010282 [ 202.239047][ T9092] RAX: 0000000000000054 RBX: ffff88821b84b160 RCX: 0000000000000000 [ 202.247125][ T9092] RDX: 0000000000000000 RSI: ffffffff815e8576 RDI: fffff52000480f72 [ 202.255130][ T9092] RBP: ffffc90002407c18 R08: 0000000000000054 R09: ffffed1015d26621 [ 202.263212][ T9092] R10: ffffed1015d26620 R11: ffff8880ae933107 R12: ffff88821b84b260 [ 202.271223][ T9092] R13: ffff88821b84e930 R14: ffff8880902a3970 R15: ffff8880902a3970 [ 202.279221][ T9092] FS: 0000000001376940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 202.288182][ T9092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.294802][ T9092] CR2: 0000001b32223000 CR3: 00000000a8dc9000 CR4: 00000000001426e0 [ 202.302784][ T9092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 202.310805][ T9092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 202.318801][ T9092] Kernel panic - not syncing: Fatal exception [ 202.326425][ T9092] Kernel Offset: disabled [ 202.330763][ T9092] Rebooting in 86400 seconds..