[info] Using makefile-style concurrent boot in runlevel 2. [ 48.245611][ T26] audit: type=1800 audit(1575033561.263:21): pid=7439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 48.297537][ T26] audit: type=1800 audit(1575033561.263:22): pid=7439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts. 2019/11/29 13:19:34 fuzzer started 2019/11/29 13:19:36 dialing manager at 10.128.0.105:40749 2019/11/29 13:19:36 syscalls: 2589 2019/11/29 13:19:36 code coverage: enabled 2019/11/29 13:19:36 comparison tracing: enabled 2019/11/29 13:19:36 extra coverage: extra coverage is not supported by the kernel 2019/11/29 13:19:36 setuid sandbox: enabled 2019/11/29 13:19:36 namespace sandbox: enabled 2019/11/29 13:19:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/29 13:19:36 fault injection: enabled 2019/11/29 13:19:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/29 13:19:36 net packet injection: enabled 2019/11/29 13:19:36 net device setup: enabled 2019/11/29 13:19:36 concurrency sanitizer: enabled 2019/11/29 13:19:36 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 64.112984][ T7605] KCSAN: could not find function: 'poll_schedule_timeout' 2019/11/29 13:19:44 adding functions to KCSAN blacklist: 'blk_mq_sched_dispatch_requests' 'mod_timer' 'poll_schedule_timeout' 'kauditd_thread' 'run_timer_softirq' 'do_nanosleep' 'taskstats_exit' 'wbt_issue' 'xas_find_marked' 'do_signal_stop' 'pcpu_alloc' 'tomoyo_supervisor' 'generic_write_end' 'rcu_gp_fqs_check_wake' 'sit_tunnel_xmit' 'lruvec_lru_size' 'snd_seq_check_queue' '__hrtimer_run_queues' 'ext4_has_free_clusters' 'echo_char' 'n_tty_receive_buf_common' 'pipe_poll' 'ep_poll' 'tick_do_update_jiffies64' '__ext4_new_inode' 'audit_log_start' 'tick_nohz_idle_stop_tick' 'process_srcu' 'tcp_add_backlog' '__rb_erase_color' 'ext4_nonda_switch' 'watchdog' 'mm_update_next_owner' 'generic_permission' 'dd_has_work' 'hrtimer_wakeup' 'find_next_bit' 'generic_fillattr' 'add_timer' 'find_get_pages_range_tag' 'copy_process' 'xas_clear_mark' 'list_lru_count_one' 'wbt_wait' 'tick_sched_do_timer' 'blk_mq_dispatch_rq_list' 'blk_mq_get_request' 'snd_timer_pause' 'ext4_free_inode' 'ktime_get_real_seconds' 'vm_area_dup' 13:21:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000440)=@ethtool_ts_info}) 13:21:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf2000000000000015000f0008ffffffbd0301000000000095000000000000006916020000000000bf67000000000000170600000fff070067060000020000000706000007000000bf050000000000000f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c27df8ecf264e0f84f9ed7a1b142f84f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa44810b5b9088f54ed1f18e2c"], &(0x7f0000000100)='GPL\x00'}, 0x48) [ 161.900588][ T7609] IPVS: ftp: loaded support on port[0] = 21 [ 161.989309][ T7609] chnl_net:caif_netlink_parms(): no params data found [ 162.051039][ T7609] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.065190][ T7609] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.072944][ T7609] device bridge_slave_0 entered promiscuous mode [ 162.091528][ T7612] IPVS: ftp: loaded support on port[0] = 21 [ 162.098154][ T7609] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.105713][ T7609] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.117875][ T7609] device bridge_slave_1 entered promiscuous mode 13:21:15 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000200)={{0x3, @netrom, 0x40000000001}, [@null, @default, @null, @bcast, @remote, @rose, @remote, @default]}, 0x47) close(r0) [ 162.156773][ T7609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.174554][ T7609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.235917][ T7609] team0: Port device team_slave_0 added [ 162.250087][ T7612] chnl_net:caif_netlink_parms(): no params data found [ 162.259627][ T7609] team0: Port device team_slave_1 added [ 162.327497][ T7609] device hsr_slave_0 entered promiscuous mode 13:21:15 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xaa, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e0000000000000000020000001800000014000a00fe8800000000a2cd9700000000000900000000"], 0x2c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x17f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) [ 162.436164][ T7609] device hsr_slave_1 entered promiscuous mode [ 162.540909][ T7612] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.566428][ T7612] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.574260][ T7612] device bridge_slave_0 entered promiscuous mode [ 162.644091][ T7615] IPVS: ftp: loaded support on port[0] = 21 [ 162.653800][ T7612] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.672989][ T7612] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.716999][ T7612] device bridge_slave_1 entered promiscuous mode [ 162.746817][ T7622] IPVS: ftp: loaded support on port[0] = 21 [ 162.772790][ T7609] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.780007][ T7609] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.787348][ T7609] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.794469][ T7609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.884338][ T7612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.918040][ T7612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 13:21:16 executing program 4: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) [ 163.062810][ T7612] team0: Port device team_slave_0 added [ 163.075639][ T7640] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.085590][ T7640] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.147290][ T7612] team0: Port device team_slave_1 added [ 163.230147][ T7615] chnl_net:caif_netlink_parms(): no params data found [ 163.259754][ T7622] chnl_net:caif_netlink_parms(): no params data found [ 163.337541][ T7612] device hsr_slave_0 entered promiscuous mode [ 163.387313][ T7612] device hsr_slave_1 entered promiscuous mode [ 163.435157][ T7612] debugfs: Directory 'hsr0' with parent '/' already present! [ 163.453721][ T7609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.480422][ T7615] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.525201][ T7615] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.545714][ T7615] device bridge_slave_0 entered promiscuous mode [ 163.612927][ T7644] IPVS: ftp: loaded support on port[0] = 21 [ 163.626297][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 163.633988][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 163.703632][ T7609] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.725933][ T7622] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.732993][ T7622] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.819664][ T7622] device bridge_slave_0 entered promiscuous mode [ 163.846154][ T7615] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.853203][ T7615] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.897057][ T7615] device bridge_slave_1 entered promiscuous mode [ 164.036056][ T7622] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.043134][ T7622] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.097687][ T7622] device bridge_slave_1 entered promiscuous mode [ 164.127769][ T7615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.165751][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.207729][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.235455][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.242516][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state 13:21:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x800000009, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x60ffffffffff, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="100000000300"/16, 0x10}]) [ 164.309857][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.339451][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.388082][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.395205][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.455710][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 164.506719][ T7615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.554597][ T7609] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 164.595157][ T7609] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 164.628504][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 164.648380][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.675932][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.716082][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.755616][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.788105][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 164.815832][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 164.835880][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 164.867283][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 164.887982][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 164.916355][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 165.002369][ T7677] IPVS: ftp: loaded support on port[0] = 21 [ 165.003985][ T7609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.061046][ T7622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.093775][ T7622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.146150][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 165.153548][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 165.198866][ T7612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.217868][ T7615] team0: Port device team_slave_0 added [ 165.288469][ T7615] team0: Port device team_slave_1 added [ 165.296114][ T7622] team0: Port device team_slave_0 added [ 165.302080][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.310607][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.340133][ T7612] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.376550][ T7622] team0: Port device team_slave_1 added [ 165.405704][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.414374][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.425768][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.432809][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.442738][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.451619][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.464930][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.471999][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.481963][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 165.490926][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 165.499779][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 165.508525][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 165.577087][ T7622] device hsr_slave_0 entered promiscuous mode [ 165.625590][ T7622] device hsr_slave_1 entered promiscuous mode [ 165.685272][ T7622] debugfs: Directory 'hsr0' with parent '/' already present! [ 165.727041][ T7615] device hsr_slave_0 entered promiscuous mode [ 165.765653][ T7615] device hsr_slave_1 entered promiscuous mode [ 165.815166][ T7615] debugfs: Directory 'hsr0' with parent '/' already present! [ 165.824994][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 165.833178][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 165.845204][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 165.853812][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 165.863160][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 165.871869][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 13:21:18 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000440)=@ethtool_ts_info}) [ 165.907236][ T7644] chnl_net:caif_netlink_parms(): no params data found [ 165.930527][ T7612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 165.965248][ T7612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.016145][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.024473][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.189386][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 166.217754][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 13:21:19 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000440)=@ethtool_ts_info}) [ 166.326286][ T7612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.343634][ T7677] chnl_net:caif_netlink_parms(): no params data found [ 166.438232][ T7644] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.525171][ T7644] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.557603][ T7644] device bridge_slave_0 entered promiscuous mode [ 166.615855][ T7644] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.622898][ T7644] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.690752][ T7644] device bridge_slave_1 entered promiscuous mode [ 166.816388][ T7615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.845050][ T7622] 8021q: adding VLAN 0 to HW filter on device bond0 13:21:19 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000440)=@ethtool_ts_info}) [ 166.919499][ T7644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.027605][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.045553][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.063734][ T7644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.129895][ T7677] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.151453][ T7677] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.193346][ T7677] device bridge_slave_0 entered promiscuous mode [ 167.239132][ T7615] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.273329][ T7644] team0: Port device team_slave_0 added [ 167.315438][ T7677] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.322558][ T7677] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.336438][ T7677] device bridge_slave_1 entered promiscuous mode 13:21:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf2000000000000015000f0008ffffffbd0301000000000095000000000000006916020000000000bf67000000000000170600000fff070067060000020000000706000007000000bf050000000000000f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c27df8ecf264e0f84f9ed7a1b142f84f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa44810b5b9088f54ed1f18e2c"], &(0x7f0000000100)='GPL\x00'}, 0x48) 13:21:20 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0x3, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev}}, @in={0x2, 0x0, @multicast1}, @in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @mcast2}], 0x58) [ 167.485937][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.493906][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.557347][ T7622] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.565414][ T7644] team0: Port device team_slave_1 added [ 167.581556][ T7677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 13:21:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf2000000000000015000f0008ffffffbd0301000000000095000000000000006916020000000000bf67000000000000170600000fff070067060000020000000706000007000000bf050000000000000f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c27df8ecf264e0f84f9ed7a1b142f84f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa44810b5b9088f54ed1f18e2c"], &(0x7f0000000100)='GPL\x00'}, 0x48) [ 167.676963][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.707390][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 13:21:20 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) socketpair$unix(0x1, 0x100000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x2, 0xc, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "e0"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x3}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x60}}, 0x0) [ 167.788713][ T2969] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.795855][ T2969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.849490][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.904355][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.973588][ T2969] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.980706][ T2969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.056936][ T7677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 13:21:21 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf2000000000000015000f0008ffffffbd0301000000000095000000000000006916020000000000bf67000000000000170600000fff070067060000020000000706000007000000bf050000000000000f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c27df8ecf264e0f84f9ed7a1b142f84f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa44810b5b9088f54ed1f18e2c"], &(0x7f0000000100)='GPL\x00'}, 0x48) [ 168.160911][ T7644] device hsr_slave_0 entered promiscuous mode [ 168.225915][ T7644] device hsr_slave_1 entered promiscuous mode [ 168.275227][ T7644] debugfs: Directory 'hsr0' with parent '/' already present! [ 168.295754][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.319335][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.374716][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.419650][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.490050][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.497179][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.597309][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.654479][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.698827][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.749701][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.792577][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.837422][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.870000][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.877093][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.908416][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.936340][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.976114][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.997623][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.022815][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.073114][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.084227][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.096327][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.104666][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.115316][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.123771][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.132123][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.140290][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.148586][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.165868][ T7622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.182598][ T7622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.226098][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.257183][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.290137][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.316358][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.324608][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.353947][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.375971][ T7677] team0: Port device team_slave_0 added [ 169.382339][ T7615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.411193][ T7615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.466260][ T7677] team0: Port device team_slave_1 added [ 169.474975][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.485492][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.590950][ T7677] device hsr_slave_0 entered promiscuous mode [ 169.628562][ T7677] device hsr_slave_1 entered promiscuous mode [ 169.668060][ T7677] debugfs: Directory 'hsr0' with parent '/' already present! [ 169.691979][ T7644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.834568][ T7644] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.897168][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.904860][ T7640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.955185][ T7833] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 170.056343][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.064921][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 13:21:23 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000200)={{0x3, @netrom, 0x40000000001}, [@null, @default, @null, @bcast, @remote, @rose, @remote, @default]}, 0x47) close(r0) [ 170.133888][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.141101][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.259320][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.319154][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.352280][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.359398][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state 13:21:23 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xaa, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e0000000000000000020000001800000014000a00fe8800000000a2cd9700000000000900000000"], 0x2c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x17f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) [ 170.436134][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.496755][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.568423][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.655916][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.664602][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.745880][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.786212][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.838679][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.876298][ T7644] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 170.935753][ T7644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.989381][ T7862] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 171.036563][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.068598][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.109954][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.168394][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.228322][ T7677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.295396][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.302932][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 171.369958][ T7677] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.395398][ T7644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.415081][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.439958][ T7662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.486841][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.520787][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.559145][ T7705] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.566315][ T7705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.615738][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.624285][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.675548][ T7705] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.682631][ T7705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.720794][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.746504][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.776197][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.784827][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.832702][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.875912][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.888895][ T7677] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 171.927880][ T7677] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.953403][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.968953][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.987305][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.005813][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.025846][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.059055][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.092873][ T7677] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.105268][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.114003][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.138186][ T7705] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 13:21:25 executing program 4: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) [ 172.242861][ T7894] mmap: syz-executor.4 (7894) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 13:21:25 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x800000009, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x60ffffffffff, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="100000000300"/16, 0x10}]) 13:21:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x800000007}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={[], [], @rand_addr=0x2}}, 0x1c) sendmmsg(r0, &(0x7f0000000100), 0x5bd, 0x0) 13:21:25 executing program 0: r0 = perf_event_open(&(0x7f0000001200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) syz_open_dev$vcsn(0x0, 0x0, 0x403080) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) write(0xffffffffffffffff, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f000045fff8)={0x0, 0x0}) rt_sigqueueinfo(r2, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x80000001}) getpgrp(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) getpid() pipe(0x0) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x400, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @reserved}, 0x10) r4 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/urandom\x00', 0x80000, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f00000000c0)) getresgid(&(0x7f0000000580), 0x0, &(0x7f0000000980)) syz_mount_image$hfsplus(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x3, &(0x7f00000026c0)=[{&(0x7f0000001280), 0x0, 0x400}, {&(0x7f00000015c0)="5236192a6c9784ba58ba9306657853d06426404fb4955c72a69b1385da0ff75c6ee40e32149fb8dd612faca231e839e0255a580334dfdcfe0144fe0c88740200adf70e3ac64f918e5fe518e2374496c7aa0e35d77d9a1d3c248a04bba51d045b63c67f79ceb1e3cdc5c5cb37c0e73ec0bce2c999c22aa499786c34e66fa571e7c3c299addab9765270688a383e09b0410845f62b7e0c0fc3b7305e61de9bb3d3963869d493297f46c066b1d27dcc82620fc4f6dd37e936aabcdab591d22ceb3f1a074481b9aede06bba3a3eebf211d7c95d5619e09c7b5e632d4d4cd1edd2973536e20dca0136d182c7fa9bb1dbbe455e93831a31c0b0a56c9a8950032753a35391dd5e2c08c5390175acfc689e8b1aee6200680b927092f02e245919457bec88f4f436b115ee32b3ecb1bf32afe10b8c448e31e652442a5c9f588312b365424118bba945de9a9809e1da712af42e41f68e7290218ca31a25531e37d8f8d3505daff31c0b592456fea50d40998658fad7f8abf75c39a718b8cce45955366e3dc586f08a2613a578be10cb3607d89d0910ea1e1ea58c5db5c42f76daba2c17fb2d1aaa4416f0610ea74e1eef54525beca5d2ce416b560106bd6568f0914a65e682b4b368cd6e07a3af2914e0b5534fda0a9818b674caf7f23869f9b8a1dfd32095a62bc31d16032bedce545f025453004d0d5c07c4574492cfc5077e5b0f481bd24ce75fac6adfc10fef14d58b20d630bd14fee929b32a14bd448c2b86ca0717d652476c0a3d564c9d4bb9a33a6d7dd97c6f66810b58578ffa483b2f263cd933ab1014bf406aa7f1d5244ad3766137d12e208c913e0326b8c7d23282c711d3436568112969a9d84895de83849f5e25e9a2b1b4fe6551205eb0afdd6ae198fc1fd918ebcd4157b78d2bb3870777e8c460837b1733d813d3959cfdf193bd47f897d881cdca739e9543a415adaa5f038892ac0068121dc8d433475789d931349812190dca5b3c7982dd630a18d50f153671b4af4e4f9b77b79f3a62678bdb1c71bc063432e6520c201ef8c11d8d994ce3f3b4e518d3a3de023eaee3a47248bd919c63d3aaa54a6c5ba0a92ad22f5b2325790811babade4fd58b9eab48320859d4c7e1216d0a7417a385dee783682da8a1c0753c6c3808758bc969ea889b910cf4a3106e7d30823239da47e4d3ecfad47227c72e3a46700100149c6e745e0aca148b630b8eb89a034c383e64ceab11523cb1a575d02cbbda4cc876ca27acca1b4abeee96e876144393d44b726f001ac2948864675ad21f8572041c743699badd2b15793f145d1262bbdd87777f1c87eb89ff165b21ff5726a8ca96c25d86a32253d642af1c737b421fc2d85498235f8a2f600ac4f52684d3824baa47636e1b6d430c08a539745340f065bff5a86f64781582962442d872bfc1e44e7f9bc7a9b138010e5f393fd414dcb97ccdc308c494aa377f3225060b5b731916022b6379c119b82dbb8a7828d5f384a4b38c0d854823ef6ff9e7d1d57c09dbefd8a02547f0c93776910f795e0ba17997be499aeff40d41b07c664187c6c4f9af5f633eec42e05464be8dd6b15fd21ff3a143ff7ee10ac19051e4a87bc427f98cba905575286a1313fce1da5a1216ea14207d520a37e4b72e4517e3ce6bc39e2c7691853ce4063f987926ab3cc78757385757ad0ae2ae594605d04260492b83bfc9fa363e6b2eff5737748b992f6f4ea92a46ece4c91bf697f79d81d49ba0d062a5bf89bc5baa0888f682468e3c60be0f215eeb46efddd6771fe9118836d68d63b18965b75d1fee1453fec67717f37609fc29eacb3243e411667156f8a8482400f6a7044d6cb6c345498d518f8e38d6232ed72a78a032ce577bfb25ffd0652df70c3f6719f6f42a1392e049ee059b029cfd5649623be47e2c8f64a357604a506d4c308258819071156b11b0ade3776e24717ebe6211bbf8761f695c1696db60bb4be34c5953a8ebf2fd6c68c01f49f6e10012cdfe16f8ef4f7024ea5fd5eb70c4acbc1e6f0eeaf5159b759a2608461b72f0539c69bf0bcd6dc2cfa6ac4cdc13c5acb562771f7e1154c4ce7a55bc8159e87e651b987b2cd47527543065d5f7d618c0c711082f87fa9d706db1c5687fec42d1b5ca5c40d41e6fd3c8a1cbf0407d2245cb09b871f557158b7d0b8444046e04d2ce1141414c2649364345ed1fe29a385772cd1d2f1886833dd9eca9086b2078991a069e7cccc1884a70023501d9d32d969cf297cbbc4b7390e05e66e03625139f7ba3df2f898a5e667b52f9bfe9d98238c50ffaaa4ce2cd65bf48c83419b72e3055052702c91fa33a711d0c20fc8d705fd4f88f8bc9e9a3f09782220a1b7014374968847d3318e5dadf31d4c9fb39df81256abeb75e6f704ef982f6015f733f1e47ac026c40ab618bed0d60faf1e57ae63f4fef5a03707beb9980f68e5cdfc509ac244381d10e73496d3a3e7da60e0488d3ea33f28e30c15701be527cb01c068622d158ece6a63fa5643c1d98f6ac52d466f2ae52806c87867ef569534778d489f2c5fc66cb3b5ce5dddd44afc7b427ff190c7c7040a36dbdc1ec755c6e8bb48f4457962925a08e20bfae8859d8ddc62822c652388555b81a80fe4e95bfd9047c71e3d265a2235b6ca278854d6d99d6ad0522f0ef1d9dee4d2ce26afd25f3d5ac1390324e8e5e593ecca7e110581abdc5349261ddc60e59309bf0ab35071fac577a5da8c25a2165af2687529738028c539e536f78a756bbc624cd376fdc883725ca9796a3258afee4f250e34061bcbf7f90a03da2ed660", 0x7c0}, {0x0}], 0x40000, 0x0) 13:21:25 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000200)={{0x3, @netrom, 0x40000000001}, [@null, @default, @null, @bcast, @remote, @rose, @remote, @default]}, 0x47) close(r0) 13:21:25 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xaa, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e0000000000000000020000001800000014000a00fe8800000000a2cd9700000000000900000000"], 0x2c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x17f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 13:21:25 executing program 4: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) [ 172.401150][ T7908] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 172.430639][ C1] hrtimer: interrupt took 43911 ns 13:21:25 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000200)={{0x3, @netrom, 0x40000000001}, [@null, @default, @null, @bcast, @remote, @rose, @remote, @default]}, 0x47) close(r0) 13:21:25 executing program 4: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) 13:21:25 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x800000009, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x60ffffffffff, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="100000000300"/16, 0x10}]) 13:21:25 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000200)={{0x3, @netrom, 0x40000000001}, [@null, @default, @null, @bcast, @remote, @rose, @remote, @default]}, 0x47) close(r0) 13:21:25 executing program 4: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) creat(&(0x7f0000000040)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) rename(&(0x7f0000000080)='./bus/file0\x00', &(0x7f0000000140)='./bus/file1\x00') stat(&(0x7f0000000300)='./bus/file1\x00', &(0x7f0000000340)) 13:21:25 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xaa, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e0000000000000000020000001800000014000a00fe8800000000a2cd9700000000000900000000"], 0x2c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x17f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 13:21:26 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000200)={{0x3, @netrom, 0x40000000001}, [@null, @default, @null, @bcast, @remote, @rose, @remote, @default]}, 0x47) close(r0) [ 172.903806][ T7934] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 172.930644][ T7937] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 173.371491][ T7906] ================================================================== [ 173.379650][ T7906] BUG: KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit [ 173.387194][ T7906] [ 173.389518][ T7906] read to 0xffff888103c40884 of 4 bytes by task 7947 on cpu 1: [ 173.397185][ T7906] __dev_queue_xmit+0xc9e/0x1b40 [ 173.402109][ T7906] dev_queue_xmit+0x21/0x30 [ 173.406602][ T7906] neigh_direct_output+0x1f/0x30 [ 173.411544][ T7906] ip_finish_output2+0x4af/0xe40 [ 173.416487][ T7906] __ip_finish_output+0x23a/0x490 [ 173.421502][ T7906] ip_finish_output+0x41/0x160 [ 173.426264][ T7906] ip_output+0xdf/0x210 [ 173.430408][ T7906] ip_local_out+0x74/0x90 [ 173.434717][ T7906] ip_send_skb+0x35/0xb0 [ 173.438954][ T7906] udp_send_skb.isra.0+0x3ce/0x8c0 [ 173.444051][ T7906] udp_sendmsg+0x1568/0x1900 [ 173.448714][ T7906] udpv6_sendmsg+0xd97/0x1c20 [ 173.453382][ T7906] inet6_sendmsg+0x6d/0x90 [ 173.457788][ T7906] sock_sendmsg+0x9f/0xc0 [ 173.462119][ T7906] ___sys_sendmsg+0x2b7/0x5d0 [ 173.466794][ T7906] __sys_sendmmsg+0x123/0x350 [ 173.471557][ T7906] __x64_sys_sendmmsg+0x64/0x80 [ 173.476407][ T7906] do_syscall_64+0xcc/0x370 [ 173.480911][ T7906] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.486787][ T7906] [ 173.489107][ T7906] write to 0xffff888103c40884 of 4 bytes by task 7906 on cpu 0: [ 173.496731][ T7906] __dev_queue_xmit+0x1648/0x1b40 [ 173.501746][ T7906] dev_queue_xmit+0x21/0x30 [ 173.506248][ T7906] neigh_direct_output+0x1f/0x30 [ 173.511194][ T7906] ip_finish_output2+0x4af/0xe40 [ 173.516131][ T7906] __ip_finish_output+0x23a/0x490 [ 173.521156][ T7906] ip_finish_output+0x41/0x160 [ 173.525917][ T7906] ip_output+0xdf/0x210 [ 173.530060][ T7906] ip_local_out+0x74/0x90 [ 173.534371][ T7906] ip_send_skb+0x35/0xb0 [ 173.538610][ T7906] udp_send_skb.isra.0+0x3ce/0x8c0 [ 173.543754][ T7906] udp_sendmsg+0x1568/0x1900 [ 173.548336][ T7906] udpv6_sendmsg+0xd97/0x1c20 [ 173.553003][ T7906] inet6_sendmsg+0x6d/0x90 [ 173.557422][ T7906] sock_sendmsg+0x9f/0xc0 [ 173.561762][ T7906] ___sys_sendmsg+0x2b7/0x5d0 [ 173.566450][ T7906] __sys_sendmmsg+0x123/0x350 [ 173.571122][ T7906] __x64_sys_sendmmsg+0x64/0x80 [ 173.576058][ T7906] do_syscall_64+0xcc/0x370 [ 173.580551][ T7906] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.586425][ T7906] [ 173.588743][ T7906] Reported by Kernel Concurrency Sanitizer on: [ 173.594880][ T7906] CPU: 0 PID: 7906 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0 [ 173.603100][ T7906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.613146][ T7906] ================================================================== [ 173.621191][ T7906] Kernel panic - not syncing: panic_on_warn set ... [ 173.627768][ T7906] CPU: 0 PID: 7906 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0 [ 173.635987][ T7906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.646027][ T7906] Call Trace: [ 173.649309][ T7906] dump_stack+0x11d/0x181 [ 173.653620][ T7906] panic+0x210/0x640 [ 173.657504][ T7906] ? vprintk_func+0x8d/0x140 [ 173.662089][ T7906] kcsan_report.cold+0xc/0xd [ 173.666667][ T7906] kcsan_setup_watchpoint+0x3fe/0x460 [ 173.672031][ T7906] __tsan_unaligned_write4+0xc4/0x100 [ 173.677389][ T7906] __dev_queue_xmit+0x1648/0x1b40 [ 173.682399][ T7906] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 173.688622][ T7906] ? ipt_do_table+0x8e9/0xe60 [ 173.693309][ T7906] ? nf_nat_packet+0xc2/0x110 [ 173.697981][ T7906] dev_queue_xmit+0x21/0x30 [ 173.702495][ T7906] neigh_direct_output+0x1f/0x30 [ 173.707431][ T7906] ip_finish_output2+0x4af/0xe40 [ 173.712364][ T7906] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 173.721630][ T7906] __ip_finish_output+0x23a/0x490 [ 173.726642][ T7906] ? ipv4_confirm+0xdc/0x160 [ 173.731320][ T7906] ip_finish_output+0x41/0x160 [ 173.736073][ T7906] ip_output+0xdf/0x210 [ 173.740218][ T7906] ? __ip_finish_output+0x490/0x490 [ 173.745407][ T7906] ip_local_out+0x74/0x90 [ 173.749735][ T7906] ip_send_skb+0x35/0xb0 [ 173.753959][ T7906] udp_send_skb.isra.0+0x3ce/0x8c0 [ 173.759053][ T7906] udp_sendmsg+0x1568/0x1900 [ 173.763625][ T7906] ? ip_reply_glue_bits+0xb0/0xb0 [ 173.768644][ T7906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 173.774866][ T7906] ? __const_udelay+0x36/0x40 [ 173.779525][ T7906] ? __udelay+0x10/0x20 [ 173.783659][ T7906] udpv6_sendmsg+0xd97/0x1c20 [ 173.788327][ T7906] ? udpv6_sendmsg+0xd97/0x1c20 [ 173.793163][ T7906] ? finish_task_switch+0x7b/0x260 [ 173.798255][ T7906] ? switch_mm_irqs_off+0x1a1/0x5e0 [ 173.803448][ T7906] ? __const_udelay+0x36/0x40 [ 173.808104][ T7906] ? __udelay+0x10/0x20 [ 173.812245][ T7906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.818474][ T7906] ? aa_label_sk_perm+0x89/0xe0 [ 173.823305][ T7906] ? aa_sk_perm+0x1a4/0x450 [ 173.827793][ T7906] ? tomoyo_socket_sendmsg_permission+0xb4/0x217 [ 173.834112][ T7906] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 173.839722][ T7906] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 173.845958][ T7906] inet6_sendmsg+0x6d/0x90 [ 173.850404][ T7906] ? inet6_sendmsg+0x6d/0x90 [ 173.854981][ T7906] ? inet6_ioctl+0x140/0x140 [ 173.859569][ T7906] sock_sendmsg+0x9f/0xc0 [ 173.863882][ T7906] ___sys_sendmsg+0x2b7/0x5d0 [ 173.868641][ T7906] ? __schedule+0x31e/0x690 [ 173.873143][ T7906] ? preempt_schedule_irq+0x72/0x90 [ 173.878350][ T7906] ? retint_kernel+0x1b/0x1b [ 173.883019][ T7906] ? __sys_sendmmsg+0xfd/0x350 [ 173.887775][ T7906] __sys_sendmmsg+0x123/0x350 [ 173.892446][ T7906] ? __read_once_size+0x5a/0xe0 [ 173.897291][ T7906] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 173.903004][ T7906] ? _copy_to_user+0x84/0xb0 [ 173.907582][ T7906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.913979][ T7906] ? put_timespec64+0x94/0xc0 [ 173.918638][ T7906] __x64_sys_sendmmsg+0x64/0x80 [ 173.923483][ T7906] do_syscall_64+0xcc/0x370 [ 173.927977][ T7906] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.933847][ T7906] RIP: 0033:0x45a679 [ 173.937729][ T7906] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.957507][ T7906] RSP: 002b:00007f19b2b3cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 173.965910][ T7906] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a679 [ 173.973864][ T7906] RDX: 00000000000005bd RSI: 0000000020000100 RDI: 0000000000000004 [ 173.981814][ T7906] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 173.989775][ T7906] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19b2b3d6d4 [ 173.997738][ T7906] R13: 00000000004c8647 R14: 00000000004df348 R15: 00000000ffffffff [ 174.007035][ T7906] Kernel Offset: disabled [ 174.011360][ T7906] Rebooting in 86400 seconds..