[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.685698][ T25] audit: type=1800 audit(1570697351.191:25): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 36.706463][ T25] audit: type=1800 audit(1570697351.191:26): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 36.729146][ T25] audit: type=1800 audit(1570697351.191:27): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. 2019/10/10 08:49:21 fuzzer started 2019/10/10 08:49:22 dialing manager at 10.128.0.105:34287 2019/10/10 08:49:22 checking machine... 2019/10/10 08:49:22 checking revisions... 2019/10/10 08:49:22 testing simple program... syzkaller login: [ 48.255407][ T7249] IPVS: ftp: loaded support on port[0] = 21 2019/10/10 08:49:22 building call list... executing program [ 52.134221][ T7256] can: request_module (can-proto-0) failed. [ 52.147577][ T7256] can: request_module (can-proto-0) failed. 2019/10/10 08:49:29 syscalls: 2523 2019/10/10 08:49:29 code coverage: enabled 2019/10/10 08:49:29 comparison tracing: enabled 2019/10/10 08:49:29 extra coverage: extra coverage is not supported by the kernel 2019/10/10 08:49:29 setuid sandbox: enabled 2019/10/10 08:49:29 namespace sandbox: enabled 2019/10/10 08:49:29 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/10 08:49:29 fault injection: enabled 2019/10/10 08:49:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/10 08:49:29 net packet injection: enabled 2019/10/10 08:49:29 net device setup: enabled 2019/10/10 08:49:29 concurrency sanitizer: enabled 08:49:30 executing program 0: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x355) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "78395c95d0fdfb60", "520b1e4a8ff7af2c241636098c1c22ff", "a9016007", "f6885a10e7196cef"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) [ 55.838946][ T7295] IPVS: ftp: loaded support on port[0] = 21 08:49:30 executing program 1: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 55.934698][ T7295] chnl_net:caif_netlink_parms(): no params data found [ 55.986665][ T7295] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.004030][ T7295] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.012121][ T7295] device bridge_slave_0 entered promiscuous mode [ 56.034901][ T7295] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.042202][ T7295] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.063935][ T7295] device bridge_slave_1 entered promiscuous mode [ 56.101585][ T7295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.134636][ T7295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.177768][ T7295] team0: Port device team_slave_0 added [ 56.194376][ T7295] team0: Port device team_slave_1 added 08:49:30 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) [ 56.256974][ T7295] device hsr_slave_0 entered promiscuous mode [ 56.313444][ T7295] device hsr_slave_1 entered promiscuous mode [ 56.361619][ T7295] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.368805][ T7295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.376347][ T7295] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.383425][ T7295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.432356][ T7298] IPVS: ftp: loaded support on port[0] = 21 [ 56.513059][ T7295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.564674][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.583548][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.603410][ T17] bridge0: port 2(bridge_slave_1) entered disabled state 08:49:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x7, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x800000000000002, 0x0, 0x7, 0x61}]}, &(0x7f0000000240)='GPL\x00', 0x2, 0x2e6, &(0x7f00001a7f05)=""/251}, 0x48) [ 56.621804][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.637226][ T7295] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.649541][ T7300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.666595][ T7300] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.673746][ T7300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.707902][ T7303] IPVS: ftp: loaded support on port[0] = 21 [ 56.749991][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.763431][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.770527][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.822484][ T7298] chnl_net:caif_netlink_parms(): no params data found [ 56.849114][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.859199][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.881089][ T7295] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.893217][ T7295] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.917128][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.927853][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.937664][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.995248][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.017517][ T7295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.057166][ T7298] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.070112][ T7298] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.085630][ T7298] device bridge_slave_0 entered promiscuous mode [ 57.099762][ T7298] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.108583][ T7298] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.116884][ T7298] device bridge_slave_1 entered promiscuous mode 08:49:31 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) [ 57.164386][ T7306] IPVS: ftp: loaded support on port[0] = 21 [ 57.165893][ T7298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.181808][ T7298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.310058][ T7298] team0: Port device team_slave_0 added [ 57.329661][ T7298] team0: Port device team_slave_1 added [ 57.335679][ C1] hrtimer: interrupt took 32925 ns [ 57.365624][ T7303] chnl_net:caif_netlink_parms(): no params data found [ 57.486725][ T7298] device hsr_slave_0 entered promiscuous mode [ 57.543464][ T7298] device hsr_slave_1 entered promiscuous mode [ 57.582999][ T7298] debugfs: Directory 'hsr0' with parent '/' already present! [ 57.655175][ T7298] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.662266][ T7298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.669854][ T7298] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.676941][ T7298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.687553][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.699335][ T7303] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.708016][ T7303] device bridge_slave_0 entered promiscuous mode [ 57.728464][ T7332] IPVS: ftp: loaded support on port[0] = 21 [ 57.746409][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.757958][ T7303] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.776226][ T7303] device bridge_slave_1 entered promiscuous mode [ 57.860643][ T7303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.880821][ T7306] chnl_net:caif_netlink_parms(): no params data found [ 57.893259][ T7303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 08:49:32 executing program 5: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 57.909654][ T7298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.959523][ T7303] team0: Port device team_slave_0 added [ 57.967874][ T7298] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.996174][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.005354][ T3022] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.027185][ T3022] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.041741][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 58.060904][ T7303] team0: Port device team_slave_1 added [ 58.071975][ T7306] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.082153][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.102010][ T7306] device bridge_slave_0 entered promiscuous mode 08:49:32 executing program 0: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x355) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "78395c95d0fdfb60", "520b1e4a8ff7af2c241636098c1c22ff", "a9016007", "f6885a10e7196cef"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) [ 58.120681][ T7306] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.135846][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.183772][ T7306] device bridge_slave_1 entered promiscuous mode [ 58.211088][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.226956][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.239247][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.246370][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.300884][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.309828][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.318634][ T3022] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.325728][ T3022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.333606][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.342397][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.351463][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.359973][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.368820][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.377381][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.386087][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.394471][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.466104][ T7303] device hsr_slave_0 entered promiscuous mode [ 58.513303][ T7303] device hsr_slave_1 entered promiscuous mode [ 58.553010][ T7303] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.566682][ T7306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.578000][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.589193][ T7298] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 58.600729][ T7298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.618682][ T7339] IPVS: ftp: loaded support on port[0] = 21 [ 58.627263][ T7306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.638489][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.647233][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.702694][ T7306] team0: Port device team_slave_0 added [ 58.731481][ T7298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.741261][ T7306] team0: Port device team_slave_1 added [ 58.796512][ T7332] chnl_net:caif_netlink_parms(): no params data found [ 58.865689][ T7306] device hsr_slave_0 entered promiscuous mode [ 58.913427][ T7306] device hsr_slave_1 entered promiscuous mode [ 58.952972][ T7306] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.980851][ T7303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.053871][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.075606][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.088216][ T25] kauditd_printk_skb: 3 callbacks suppressed 08:49:33 executing program 0: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x355) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "78395c95d0fdfb60", "520b1e4a8ff7af2c241636098c1c22ff", "a9016007", "f6885a10e7196cef"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) [ 59.088245][ T25] audit: type=1800 audit(1570697373.591:31): pid=7348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16524 res=0 [ 59.119675][ T7303] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.139340][ T7332] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.147738][ T7332] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.149796][ T25] audit: type=1804 audit(1570697373.661:32): pid=7349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir058426595/syzkaller.J6rWK4/0/file0" dev="sda1" ino=16524 res=1 [ 59.160171][ T7332] device bridge_slave_0 entered promiscuous mode [ 59.180632][ T25] audit: type=1800 audit(1570697373.661:33): pid=7349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16524 res=0 [ 59.233190][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.249051][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.258707][ T25] audit: type=1804 audit(1570697373.741:34): pid=7353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir058426595/syzkaller.J6rWK4/0/file0" dev="sda1" ino=16524 res=1 [ 59.287786][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.294907][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.307183][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.316524][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.329115][ T3022] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.336233][ T3022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.344663][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.354019][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.363212][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.371870][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.380841][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.389765][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.398705][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.407123][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.424473][ T7332] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.431524][ T7332] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.439781][ T7332] device bridge_slave_1 entered promiscuous mode [ 59.455778][ T7303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.466832][ T7303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.478026][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.486534][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.495847][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.506337][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.517232][ T7306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.544033][ T7339] chnl_net:caif_netlink_parms(): no params data found [ 59.574442][ T7332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.590872][ T7332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.627397][ T7332] team0: Port device team_slave_0 added [ 59.634968][ T7332] team0: Port device team_slave_1 added [ 59.642631][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.650704][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.660451][ T7306] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.675363][ T7303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.682599][ T7339] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.690128][ T7339] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.703866][ T7339] device bridge_slave_0 entered promiscuous mode [ 59.732998][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.741933][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.751513][ T3041] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.758585][ T3041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.767365][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.776313][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.784871][ T3041] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.791907][ T3041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.800202][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.809359][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.819314][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.828241][ T7339] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.840599][ T7339] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.849311][ T7339] device bridge_slave_1 entered promiscuous mode 08:49:34 executing program 1: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 59.906321][ T7332] device hsr_slave_0 entered promiscuous mode [ 59.943462][ T7332] device hsr_slave_1 entered promiscuous mode [ 59.955475][ T25] audit: type=1800 audit(1570697374.461:35): pid=7360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16524 res=0 [ 59.993007][ T7332] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.010862][ T7300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.019004][ T25] audit: type=1804 audit(1570697374.511:36): pid=7362 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir058426595/syzkaller.J6rWK4/1/file0" dev="sda1" ino=16524 res=1 [ 60.045932][ T7300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.054918][ T25] audit: type=1800 audit(1570697374.511:37): pid=7362 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16524 res=0 [ 60.066479][ T7300] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 08:49:34 executing program 0: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x355) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "78395c95d0fdfb60", "520b1e4a8ff7af2c241636098c1c22ff", "a9016007", "f6885a10e7196cef"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) [ 60.117459][ T7306] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.153939][ T25] audit: type=1804 audit(1570697374.621:38): pid=7363 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir058426595/syzkaller.J6rWK4/1/file0" dev="sda1" ino=16524 res=1 [ 60.218604][ T7306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.244004][ T7339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.283227][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.291998][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 08:49:34 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) [ 60.337143][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.345869][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.354879][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.363521][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.391983][ T7306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.429366][ T7339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.457998][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.471130][ T7332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.496352][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 08:49:35 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) [ 60.509224][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.527666][ T7332] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.538910][ T7339] team0: Port device team_slave_0 added [ 60.593933][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.609415][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.618253][ T7335] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.625340][ T7335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.633933][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 08:49:35 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) [ 60.662272][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.675856][ T7335] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.682980][ T7335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.701858][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.716673][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.739425][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.750756][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.760297][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.788652][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 08:49:35 executing program 1: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 60.830577][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.854554][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.869863][ T7339] team0: Port device team_slave_1 added [ 60.886444][ T7332] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.907741][ T25] audit: type=1800 audit(1570697375.411:39): pid=7384 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16524 res=0 [ 60.928000][ T7332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.978928][ T25] audit: type=1804 audit(1570697375.481:40): pid=7386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir058426595/syzkaller.J6rWK4/2/file0" dev="sda1" ino=16524 res=1 [ 61.004991][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.021954][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.064785][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.084018][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 08:49:35 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) [ 61.153028][ T7332] 8021q: adding VLAN 0 to HW filter on device batadv0 08:49:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x7, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x800000000000002, 0x0, 0x7, 0x61}]}, &(0x7f0000000240)='GPL\x00', 0x2, 0x2e6, &(0x7f00001a7f05)=""/251}, 0x48) [ 61.231010][ T7339] device hsr_slave_0 entered promiscuous mode [ 61.305746][ T7339] device hsr_slave_1 entered promiscuous mode [ 61.345765][ T7339] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.466605][ T7339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.489999][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.507817][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.518548][ T7339] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.545591][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.559812][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.569597][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.576721][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.594809][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.610118][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.619449][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.628439][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.635573][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.654243][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.663816][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.673307][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.682028][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.691126][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.700591][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.709653][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 08:49:36 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) [ 61.718424][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.727582][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.737867][ T7339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.754509][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.778503][ T7339] 8021q: adding VLAN 0 to HW filter on device batadv0 08:49:36 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) 08:49:36 executing program 0: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x7, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x800000000000002, 0x0, 0x7, 0x61}]}, &(0x7f0000000240)='GPL\x00', 0x2, 0x2e6, &(0x7f00001a7f05)=""/251}, 0x48) 08:49:36 executing program 1: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:36 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) 08:49:36 executing program 5: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 08:49:36 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x26) prctl$PR_SET_KEEPCAPS(0x8, 0x0) 08:49:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x7, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x800000000000002, 0x0, 0x7, 0x61}]}, &(0x7f0000000240)='GPL\x00', 0x2, 0x2e6, &(0x7f00001a7f05)=""/251}, 0x48) 08:49:36 executing program 5: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 08:49:36 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) 08:49:36 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) 08:49:37 executing program 5: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 08:49:37 executing program 3: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:37 executing program 0: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:37 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) 08:49:37 executing program 4: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:37 executing program 5: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:37 executing program 1: r0 = open(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) socket$inet6(0xa, 0x802, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(r2, &(0x7f0000000040)={0x30}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xca00, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7bf}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x800}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc8d0) sendfile(r1, r5, 0x0, 0x7fffffa7) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @mcast1, 0xcb9}, @in6={0xa, 0x4e23, 0x3f, @loopback, 0x7fff}, @in6={0xa, 0x0, 0x0, @rand_addr="7ef1f5a4b557f07c5c33c6b47f782057", 0x9}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @rand_addr=0x6}], 0x74) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f00000001c0)) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:49:37 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40004008af25, &(0x7f0000000300)=0x800000002) [ 63.342687][ T7480] ================================================================== [ 63.350854][ T7480] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 63.359258][ T7480] [ 63.361598][ T7480] read to 0xffff888126b73c28 of 8 bytes by task 7479 on cpu 1: [ 63.369147][ T7480] ext4_es_lookup_extent+0x3ba/0x510 [ 63.374435][ T7480] ext4_map_blocks+0xc2/0xf70 [ 63.379113][ T7480] _ext4_get_block+0x12d/0x2b0 [ 63.383899][ T7480] ext4_dio_get_block+0x9f/0xb0 [ 63.388749][ T7480] do_direct_IO+0x1409/0x59b0 [ 63.393433][ T7480] do_blockdev_direct_IO+0x6b7/0x4cc0 [ 63.398807][ T7480] __blockdev_direct_IO+0x86/0xa0 [ 63.403869][ T7480] ext4_direct_IO+0x32f/0xf70 [ 63.408560][ T7480] generic_file_read_iter+0x1b0/0x1440 [ 63.414027][ T7480] ext4_file_read_iter+0xfa/0x240 [ 63.419057][ T7480] generic_file_splice_read+0x35c/0x500 [ 63.424600][ T7480] do_splice_to+0xf2/0x130 [ 63.429020][ T7480] splice_direct_to_actor+0x1a1/0x510 [ 63.434389][ T7480] do_splice_direct+0x161/0x1e0 [ 63.439226][ T7480] [ 63.441554][ T7480] write to 0xffff888126b73c28 of 8 bytes by task 7480 on cpu 0: [ 63.449179][ T7480] ext4_es_lookup_extent+0x3d3/0x510 [ 63.454460][ T7480] ext4_map_blocks+0xc2/0xf70 [ 63.459129][ T7480] _ext4_get_block+0x12d/0x2b0 [ 63.463893][ T7480] ext4_get_block_trans+0xf4/0x1d0 [ 63.469009][ T7480] ext4_dio_get_block_unwritten_sync+0x59/0xc0 [ 63.475166][ T7480] do_direct_IO+0x1409/0x59b0 [ 63.479855][ T7480] do_blockdev_direct_IO+0x6b7/0x4cc0 [ 63.485227][ T7480] __blockdev_direct_IO+0x86/0xa0 [ 63.490267][ T7480] ext4_direct_IO+0x6f5/0xf70 [ 63.494940][ T7480] generic_file_direct_write+0x14d/0x2e0 [ 63.500572][ T7480] __generic_file_write_iter+0x17e/0x380 [ 63.506204][ T7480] ext4_file_write_iter+0x1fc/0xa40 [ 63.515312][ T7480] do_iter_readv_writev+0x487/0x5b0 [ 63.520496][ T7480] [ 63.522808][ T7480] Reported by Kernel Concurrency Sanitizer on: [ 63.528960][ T7480] CPU: 0 PID: 7480 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 63.536408][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.546456][ T7480] ================================================================== [ 63.554512][ T7480] Kernel panic - not syncing: panic_on_warn set ... [ 63.561099][ T7480] CPU: 0 PID: 7480 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 63.568544][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.578585][ T7480] Call Trace: [ 63.581888][ T7480] dump_stack+0xf5/0x159 [ 63.586141][ T7480] panic+0x209/0x639 [ 63.590043][ T7480] ? ext4_direct_IO+0x6f5/0xf70 [ 63.594888][ T7480] ? vprintk_func+0x8d/0x140 [ 63.599485][ T7480] kcsan_report.cold+0xc/0x1b [ 63.604187][ T7480] __kcsan_setup_watchpoint+0x3ee/0x510 [ 63.609735][ T7480] __tsan_write8+0x32/0x40 [ 63.614244][ T7480] ext4_es_lookup_extent+0x3d3/0x510 [ 63.619537][ T7480] ext4_map_blocks+0xc2/0xf70 [ 63.624223][ T7480] ? prep_new_page+0xba/0x200 [ 63.628902][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.634539][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.640177][ T7480] _ext4_get_block+0x12d/0x2b0 [ 63.644944][ T7480] ? __ext4_journal_start_sb+0xce/0x240 [ 63.650495][ T7480] ext4_get_block_trans+0xf4/0x1d0 [ 63.655626][ T7480] ext4_dio_get_block_unwritten_sync+0x59/0xc0 [ 63.661782][ T7480] do_direct_IO+0x1409/0x59b0 [ 63.666464][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.672205][ T7480] ? should_fail+0xd4/0x45d [ 63.676722][ T7480] ? __tsan_read8+0x2c/0x30 [ 63.681236][ T7480] ? blk_start_plug+0x62/0x120 [ 63.686032][ T7480] do_blockdev_direct_IO+0x6b7/0x4cc0 [ 63.691417][ T7480] ? ___cache_free+0x2e/0x320 [ 63.696100][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.701735][ T7480] ? write_end_fn+0xd0/0xd0 [ 63.706259][ T7480] ? ext4_dio_get_block_unwritten_async+0x1a0/0x1a0 [ 63.712868][ T7480] ? ext4_dio_get_block_unwritten_async+0x1a0/0x1a0 [ 63.719458][ T7480] ? ext4_dio_get_block_unwritten_async+0x1a0/0x1a0 [ 63.726049][ T7480] __blockdev_direct_IO+0x86/0xa0 [ 63.731087][ T7480] ? write_end_fn+0xd0/0xd0 [ 63.735719][ T7480] ext4_direct_IO+0x6f5/0xf70 [ 63.740415][ T7480] ? ext4_dio_get_block_unwritten_async+0x1a0/0x1a0 [ 63.747013][ T7480] generic_file_direct_write+0x14d/0x2e0 [ 63.752657][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.758826][ T7480] __generic_file_write_iter+0x17e/0x380 [ 63.764572][ T7480] ext4_file_write_iter+0x1fc/0xa40 [ 63.769789][ T7480] do_iter_readv_writev+0x487/0x5b0 [ 63.774996][ T7480] do_iter_write+0x13b/0x3c0 [ 63.779589][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.785226][ T7480] ? __kcsan_setup_watchpoint+0x96/0x510 [ 63.791958][ T7480] vfs_iter_write+0x5c/0x80 [ 63.796491][ T7480] iter_file_splice_write+0x4c0/0x7f0 [ 63.801882][ T7480] ? page_cache_pipe_buf_release+0x100/0x100 [ 63.807867][ T7480] direct_splice_actor+0xa0/0xc0 [ 63.812812][ T7480] splice_direct_to_actor+0x215/0x510 [ 63.818188][ T7480] ? generic_pipe_buf_nosteal+0x20/0x20 [ 63.823742][ T7480] do_splice_direct+0x161/0x1e0 [ 63.828606][ T7480] do_sendfile+0x384/0x7f0 [ 63.833124][ T7480] __x64_sys_sendfile64+0x12a/0x140 [ 63.838331][ T7480] do_syscall_64+0xcf/0x2f0 [ 63.842848][ T7480] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.848743][ T7480] RIP: 0033:0x459a59 [ 63.852645][ T7480] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.872436][ T7480] RSP: 002b:00007f22c243cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 63.881007][ T7480] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a59 [ 63.889226][ T7480] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000004 [ 63.897654][ T7480] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 63.905635][ T7480] R10: 000000007fffffa7 R11: 0000000000000246 R12: 00007f22c243d6d4 [ 63.913616][ T7480] R13: 00000000004c748b R14: 00000000004dd038 R15: 00000000ffffffff [ 63.923014][ T7480] Kernel Offset: disabled [ 63.927339][ T7480] Rebooting in 86400 seconds..