[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 57.285273][ T26] audit: type=1800 audit(1573512335.912:25): pid=8733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.305465][ T26] audit: type=1800 audit(1573512335.912:26): pid=8733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.342305][ T26] audit: type=1800 audit(1573512335.912:27): pid=8733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts. 2019/11/11 22:45:46 fuzzer started 2019/11/11 22:45:48 dialing manager at 10.128.0.26:41775 2019/11/11 22:45:48 syscalls: 2566 2019/11/11 22:45:48 code coverage: enabled 2019/11/11 22:45:48 comparison tracing: enabled 2019/11/11 22:45:48 extra coverage: enabled 2019/11/11 22:45:48 setuid sandbox: enabled 2019/11/11 22:45:48 namespace sandbox: enabled 2019/11/11 22:45:48 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/11 22:45:48 fault injection: enabled 2019/11/11 22:45:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/11 22:45:48 net packet injection: enabled 2019/11/11 22:45:48 net device setup: enabled 2019/11/11 22:45:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/11 22:45:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 22:48:15 executing program 0: r0 = socket$kcm(0x2, 0x1000000000000805, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r1) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) sendmsg(r0, &(0x7f0000000240)={&(0x7f00000002c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000200)='c', 0x1}], 0x1}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) 22:48:15 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3f, 0x4008001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syzkaller login: [ 217.294496][ T8899] IPVS: ftp: loaded support on port[0] = 21 [ 217.438222][ T8899] chnl_net:caif_netlink_parms(): no params data found [ 217.490144][ T8899] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.498279][ T8899] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.506564][ T8899] device bridge_slave_0 entered promiscuous mode [ 217.517099][ T8899] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.524265][ T8899] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.532490][ T8899] device bridge_slave_1 entered promiscuous mode [ 217.554037][ T8899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.565644][ T8899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.599922][ T8902] IPVS: ftp: loaded support on port[0] = 21 [ 217.600040][ T8899] team0: Port device team_slave_0 added [ 217.613889][ T8899] team0: Port device team_slave_1 added 22:48:16 executing program 2: bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20800, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xd}, 0x10020, 0x0, 0x0, 0x0, 0xeda1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, 0x0) fcntl$setstatus(r0, 0x4, 0x46600) io_setup(0x0, &(0x7f00000001c0)) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x101a06, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$xdp(0x2c, 0x3, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$EVIOCGREP(r3, 0x80084503, &(0x7f00000002c0)=""/88) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f00000002c0)=""/88) renameat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', r0, &(0x7f00000002c0)='./file0\x00') r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vsock\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000380)={&(0x7f0000000080)='./file0\x00', r5}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) io_setup(0x0, &(0x7f0000000180)) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r4, &(0x7f0000000100)="bd384ce1f54f7c522811c090bbf4ef7b4926a15e53a1bbb46854e2666d33", 0x1e, 0x0, 0x0, 0x0) sendmsg$nl_netfilter(r4, 0x0, 0x0) sendto$inet(r4, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac623ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a92825a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x104eb, 0x8, 0x0, 0x27) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000040), 0x4) [ 217.699666][ T8899] device hsr_slave_0 entered promiscuous mode [ 217.756795][ T8899] device hsr_slave_1 entered promiscuous mode [ 217.840712][ T8904] IPVS: ftp: loaded support on port[0] = 21 22:48:16 executing program 3: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write(r0, &(0x7f0000000080)="e4", 0x1) [ 217.968715][ T8899] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.975981][ T8899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.983884][ T8899] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.991059][ T8899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.052385][ T8902] chnl_net:caif_netlink_parms(): no params data found [ 218.207315][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.214414][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.224774][ T8902] device bridge_slave_0 entered promiscuous mode 22:48:16 executing program 4: syz_open_dev$sndtimer(&(0x7f0000000840)='/dev/snd/timer\x00', 0x0, 0x400000) memfd_create(&(0x7f0000000540)='\x00', 0x17) r0 = inotify_init() inotify_rm_watch(r0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000300)) r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) openat$cgroup_ro(r1, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x2000002) read$eventfd(r2, &(0x7f00000003c0), 0x8) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r4) syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x82400) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='cgroup.stat\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x80, 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) io_setup(0x8, &(0x7f0000000180)=0x0) fcntl$setstatus(r7, 0x4, 0x46600) io_submit(r8, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r7, &(0x7f0000000000), 0x10000}]) r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0) io_setup(0x8, &(0x7f0000000180)=0x0) fcntl$setstatus(r9, 0x4, 0x46600) io_submit(r10, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r9, &(0x7f0000000000), 0x10000}]) r11 = creat(&(0x7f0000000080)='./bus\x00', 0x0) io_setup(0xb, &(0x7f0000000240)=0x0) fcntl$setstatus(r11, 0x4, 0x46600) io_submit(r12, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r11, &(0x7f0000000000), 0x10000}]) ioctl$TIOCGRS485(0xffffffffffffffff, 0x542e, &(0x7f0000000400)) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r13, 0x0, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r14, 0x407, 0x0) setsockopt$inet_mtu(r14, 0x0, 0xa, &(0x7f0000000000), 0xd9add715ed12ac44) ioctl$FICLONE(r14, 0x40049409, r13) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r15 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r16 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cgroup.stat\x00', 0x0, 0x0) r17 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/self/net/pfkey\x00', 0x486a00, 0x0) pipe(&(0x7f0000000180)) r18 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_SET_CONFIG(r17, &(0x7f0000000b00)={&(0x7f0000000a00), 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="7f009587", @ANYRES16=r18, @ANYBLOB="02002bbd7000fedbdf250c0000005c000300080008000400000008000500e000000208000400000400000800030002000000140002006c61706230000000000000000000000014000600ff01000000000000000000000000000108000800b60000000800"], 0x3}, 0x1, 0x0, 0x0, 0x4088810}, 0x1) sendmsg$IPVS_CMD_GET_INFO(r16, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r18, @ANYBLOB="000329bd7000ffdbdf250f00003e885d290459d16eeec8e404003f0000000578d7eb5a70e56813c4b3edb69b2c0126a63625bf08c0da93d6327fa4ddc0649fa0892b0a7f82b0521f55a9beb3d9ef5903e21b7a5a8f221332ffbcfa57adbe68071b9bce8ac7240003d32dd1c49ec79b5ab0b6e1278941c0cacb26fc546e04f0d630cdcfd2180374e2cf93565fe873a812c887b5b36ce9dde143b8105e2d8f69bb33ff0c81cc44cb6e0790817344d5ab36859dc6c9b3dedd4160eb261626a680061e30f705cc9db8b6ec90fdbe84b6555d9c3d0ad811ab779f1113c0f70bde7938f6d64f20d16fde5a65b046bca39a65723a36518f843d07578cf12a3cf60ad41801f1f784e310154e1f19689eee1cdb240358a8e5"], 0x1c}, 0x1, 0x0, 0x0, 0x800a5}, 0x20004000) sendmsg$IPVS_CMD_GET_SERVICE(r15, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000b40)=ANY=[@ANYBLOB="3800005b5da24f4ee87ff44c43f66e84d1a2b57f603212c60031b60ece565d642a521cd9ce06b367f6820c620d6930c629431e015272d1a45616413b38f0125b627baf3c39d12651dc10cc451b1c021f9eeb5456a2191c95f341a0e34e28d4f95138f3851b8bd65a63dbe2f26c1d44ae203947d46062770aef4bd730aa835a99f6d99b9cca888673959ff4ba655817c79d9742edced732bfbd14e3a5e7c511eb0ea0ea20c755640f37526b053e19c7bb3e05ac3fb747c13b1d79628fbbc11b0d0679907ca0eca0995ec14c22305905d0a97b11bc32e1eb06a914af520c5d7f1505f6e5be54a0febc40d2b80293", @ANYRES16=r18, @ANYBLOB="000129bd7000fedbdf250400000008000400050000000c000100080005000300000008000600655c67090800060000000000"], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x8800) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r19 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r5, r19, 0x0, 0x8000fffffffe) [ 218.250070][ T8909] IPVS: ftp: loaded support on port[0] = 21 [ 218.258218][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.265569][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.273409][ T8902] device bridge_slave_1 entered promiscuous mode [ 218.291664][ T8904] chnl_net:caif_netlink_parms(): no params data found [ 218.326927][ T8899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.373858][ T8902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.408383][ T8899] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.419119][ T8902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.429858][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.441405][ T3817] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.466849][ T3817] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.482274][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 218.523310][ T8904] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.546590][ T8904] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.558889][ T8904] device bridge_slave_0 entered promiscuous mode 22:48:17 executing program 5: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xb, 0x12, r1, 0x0) ftruncate(r0, 0x48280) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001400)=ANY=[]}}, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x39) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 218.575498][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.584272][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.597494][ T3817] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.604623][ T3817] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.614356][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.624900][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.636523][ T3817] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.643614][ T3817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.669421][ T8902] team0: Port device team_slave_0 added [ 218.678039][ T8904] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.685117][ T8904] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.697400][ T8904] device bridge_slave_1 entered promiscuous mode [ 218.710854][ T8913] IPVS: ftp: loaded support on port[0] = 21 [ 218.723002][ T8915] IPVS: ftp: loaded support on port[0] = 21 [ 218.734258][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.747471][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.758877][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.767565][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.775969][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.784422][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.794776][ T8902] team0: Port device team_slave_1 added [ 218.821816][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 218.831359][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 218.839809][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 218.864975][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.873714][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.899997][ T8899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.913823][ T8904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.968713][ T8902] device hsr_slave_0 entered promiscuous mode [ 219.016624][ T8902] device hsr_slave_1 entered promiscuous mode [ 219.085999][ T8902] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.115271][ T8904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.204164][ T8904] team0: Port device team_slave_0 added [ 219.216248][ T8904] team0: Port device team_slave_1 added [ 219.222250][ T8909] chnl_net:caif_netlink_parms(): no params data found [ 219.279782][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 219.287328][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 219.308521][ T8899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.329422][ T8913] chnl_net:caif_netlink_parms(): no params data found [ 219.410466][ T8909] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.418344][ T8909] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.427537][ T8909] device bridge_slave_0 entered promiscuous mode [ 219.498239][ T8904] device hsr_slave_0 entered promiscuous mode [ 219.547815][ T8904] device hsr_slave_1 entered promiscuous mode [ 219.575577][ T8904] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.584866][ T8909] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.597070][ T8909] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.605007][ T8909] device bridge_slave_1 entered promiscuous mode [ 219.627240][ T8915] chnl_net:caif_netlink_parms(): no params data found [ 219.694996][ T8909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.713753][ T8913] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.724692][ T8913] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.732742][ T8913] device bridge_slave_0 entered promiscuous mode [ 219.744718][ T8913] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.752239][ T8913] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.760962][ T8913] device bridge_slave_1 entered promiscuous mode [ 219.773455][ T8909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.815343][ T8915] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.825554][ T8915] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.833596][ T8915] device bridge_slave_0 entered promiscuous mode [ 219.862437][ T8915] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.872503][ T8915] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.885044][ T8915] device bridge_slave_1 entered promiscuous mode [ 219.908564][ T8913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.918074][ C1] hrtimer: interrupt took 38508 ns [ 219.923518][ T8913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.951911][ T8909] team0: Port device team_slave_0 added [ 219.984179][ T8909] team0: Port device team_slave_1 added [ 220.011077][ T8902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.020698][ T8915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.039930][ T8913] team0: Port device team_slave_0 added [ 220.048207][ T8913] team0: Port device team_slave_1 added [ 220.083575][ T8902] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.093039][ T8915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.118240][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.127695][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:48:18 executing program 0: r0 = socket$kcm(0x2, 0x1000000000000805, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r1) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) sendmsg(r0, &(0x7f0000000240)={&(0x7f00000002c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000200)='c', 0x1}], 0x1}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) [ 220.201290][ T8913] device hsr_slave_0 entered promiscuous mode 22:48:18 executing program 0: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) read(r0, &(0x7f0000000000)=""/120, 0x78) [ 220.276994][ T8913] device hsr_slave_1 entered promiscuous mode [ 220.315886][ T8913] debugfs: Directory 'hsr0' with parent '/' already present! [ 220.379437][ T8909] device hsr_slave_0 entered promiscuous mode [ 220.436439][ T8909] device hsr_slave_1 entered promiscuous mode [ 220.476320][ T8909] debugfs: Directory 'hsr0' with parent '/' already present! 22:48:19 executing program 0: mlockall(0x3) sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2f0000001c000507000000000d2300000200041f01000000fc0003c91300010000000000500000007321452e506f", 0x2e}], 0x1}, 0x0) clone(0x10a2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 220.497132][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.507539][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.516706][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.523798][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.541253][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.620921][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.630169][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.639735][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.646859][ T8911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.659978][ T8915] team0: Port device team_slave_0 added [ 220.691381][ T8904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.717830][ T8915] team0: Port device team_slave_1 added [ 220.730925][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.739892][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 220.756268][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.765117][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.780086][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 220.827181][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.842483][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.852871][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 220.867984][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 220.883699][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 220.894933][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 220.999531][ T8915] device hsr_slave_0 entered promiscuous mode [ 221.051855][ T8915] device hsr_slave_1 entered promiscuous mode [ 221.125562][ T8915] debugfs: Directory 'hsr0' with parent '/' already present! [ 221.138043][ T8902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.155357][ T8904] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.199137][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.214523][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.243209][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.256265][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.264798][ T8911] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.271929][ T8911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.279826][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.289338][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.297875][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.305032][ T8911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.312710][ T8911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.335123][ T8902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.390121][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.398819][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 221.406365][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 221.413798][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.426699][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 22:48:20 executing program 0: mlockall(0x3) sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2f0000001c000507000000000d2300000200041f01000000fc0003c91300010000000000500000007321452e506f", 0x2e}], 0x1}, 0x0) clone(0x10a2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 221.436557][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.445172][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.454008][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.474522][ T8904] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 221.543829][ T8904] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.572706][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.583704][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.599052][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.611311][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.623995][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.640384][ T3817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.757348][ T8913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.776965][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 221.784936][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 221.814519][ T8909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.837547][ T8904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.861872][ T8913] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.884180][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.904085][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.955319][ T8909] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.971610][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.990780][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.002773][ T8907] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.009934][ T8907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.024977][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.033907][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.050338][ T8907] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.057492][ T8907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.083865][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.102323][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.110988][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.201287][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.210452][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.245030][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.263303][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.287174][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 22:48:20 executing program 0: mlockall(0x3) sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2f0000001c000507000000000d2300000200041f01000000fc0003c91300010000000000500000007321452e506f", 0x2e}], 0x1}, 0x0) clone(0x10a2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) 22:48:20 executing program 1: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x1}) [ 222.300428][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.322101][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.333750][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.349567][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.356746][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.371694][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.380610][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.390000][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.397160][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.407844][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.417275][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.430587][ T8915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.471764][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.481771][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.499781][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.519179][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.529226][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.538230][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.548004][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.557982][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.567632][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.577202][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.586930][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.602904][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.614233][ T8913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 22:48:21 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x0, 0x1}}) [ 222.644250][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.656496][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.698518][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.701044][ T8973] ================================================================== [ 222.714016][ T8973] BUG: KASAN: use-after-free in snd_timer_open+0x100a/0x1150 [ 222.721400][ T8973] Read of size 8 at addr ffff88808df93e78 by task syz-executor.1/8973 [ 222.729549][ T8973] [ 222.731877][ T8973] CPU: 0 PID: 8973 Comm: syz-executor.1 Not tainted 5.4.0-rc6-next-20191111 #0 [ 222.740807][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.750854][ T8973] Call Trace: [ 222.754140][ T8973] dump_stack+0x197/0x210 [ 222.758463][ T8973] ? snd_timer_open+0x100a/0x1150 [ 222.763476][ T8973] print_address_description.constprop.0.cold+0xd4/0x30b [ 222.770483][ T8973] ? snd_timer_open+0x100a/0x1150 [ 222.775495][ T8973] ? snd_timer_open+0x100a/0x1150 [ 222.780504][ T8973] __kasan_report.cold+0x1b/0x41 [ 222.785427][ T8973] ? __sanitizer_cov_trace_cmp2+0x10/0x20 [ 222.791135][ T8973] ? snd_timer_open+0x100a/0x1150 [ 222.796145][ T8973] kasan_report+0x12/0x20 [ 222.800462][ T8973] __asan_report_load8_noabort+0x14/0x20 [ 222.806079][ T8973] snd_timer_open+0x100a/0x1150 [ 222.810918][ T8973] ? snd_timer_close_locked+0xbd0/0xbd0 [ 222.816446][ T8973] ? kstrdup+0x5a/0x70 [ 222.820508][ T8973] __snd_timer_user_ioctl.isra.0+0x7ed/0x2070 [ 222.826561][ T8973] ? snd_timer_user_open+0x190/0x190 [ 222.831831][ T8973] ? lock_acquire+0x190/0x410 [ 222.836492][ T8973] ? snd_timer_user_ioctl+0x51/0xa7 [ 222.841678][ T8973] ? __mutex_lock+0x458/0x13c0 [ 222.846429][ T8973] ? snd_timer_user_ioctl+0x51/0xa7 [ 222.851616][ T8973] ? tomoyo_path_number_perm+0x454/0x520 [ 222.857237][ T8973] ? mutex_trylock+0x2f0/0x2f0 [ 222.861990][ T8973] ? tomoyo_path_number_perm+0x25e/0x520 [ 222.867609][ T8973] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 222.873491][ T8973] snd_timer_user_ioctl+0x7a/0xa7 [ 222.878509][ T8973] ? snd_timer_user_ioctl_compat+0x680/0x680 [ 222.884480][ T8973] do_vfs_ioctl+0x977/0x14e0 [ 222.890102][ T8973] ? compat_ioctl_preallocate+0x220/0x220 [ 222.895807][ T8973] ? __fget+0x37f/0x550 [ 222.899963][ T8973] ? ksys_dup3+0x3e0/0x3e0 [ 222.904373][ T8973] ? nsecs_to_jiffies+0x30/0x30 [ 222.909215][ T8973] ? tomoyo_file_ioctl+0x23/0x30 [ 222.914141][ T8973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.920372][ T8973] ? security_file_ioctl+0x8d/0xc0 [ 222.925474][ T8973] ksys_ioctl+0xab/0xd0 [ 222.929621][ T8973] __x64_sys_ioctl+0x73/0xb0 [ 222.934198][ T8973] do_syscall_64+0xfa/0x760 [ 222.938694][ T8973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.944574][ T8973] RIP: 0033:0x45a219 [ 222.949080][ T8973] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.968666][ T8973] RSP: 002b:00007f598dbb0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.977062][ T8973] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219 [ 222.985016][ T8973] RDX: 0000000020001000 RSI: 0000000040345410 RDI: 0000000000000003 [ 222.992971][ T8973] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 223.000924][ T8973] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f598dbb16d4 [ 223.008880][ T8973] R13: 00000000004cf428 R14: 00000000004d9760 R15: 00000000ffffffff [ 223.016842][ T8973] [ 223.019155][ T8973] Allocated by task 8973: [ 223.023471][ T8973] save_stack+0x23/0x90 [ 223.027611][ T8973] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 223.033224][ T8973] kasan_kmalloc+0x9/0x10 [ 223.037535][ T8973] kmem_cache_alloc_trace+0x158/0x790 [ 223.042888][ T8973] snd_timer_instance_new+0x4a/0x300 [ 223.048166][ T8973] __snd_timer_user_ioctl.isra.0+0x665/0x2070 [ 223.054216][ T8973] snd_timer_user_ioctl+0x7a/0xa7 [ 223.059224][ T8973] do_vfs_ioctl+0x977/0x14e0 [ 223.063796][ T8973] ksys_ioctl+0xab/0xd0 [ 223.067944][ T8973] __x64_sys_ioctl+0x73/0xb0 [ 223.072518][ T8973] do_syscall_64+0xfa/0x760 [ 223.077004][ T8973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.082871][ T8973] [ 223.085179][ T8973] Freed by task 8973: [ 223.089144][ T8973] save_stack+0x23/0x90 [ 223.093281][ T8973] __kasan_slab_free+0x102/0x150 [ 223.098202][ T8973] kasan_slab_free+0xe/0x10 [ 223.102683][ T8973] kfree+0x10a/0x2c0 [ 223.106563][ T8973] snd_timer_instance_free+0x7c/0xa0 [ 223.111833][ T8973] __snd_timer_user_ioctl.isra.0+0x160d/0x2070 [ 223.117992][ T8973] snd_timer_user_ioctl+0x7a/0xa7 [ 223.122997][ T8973] do_vfs_ioctl+0x977/0x14e0 [ 223.127573][ T8973] ksys_ioctl+0xab/0xd0 [ 223.131719][ T8973] __x64_sys_ioctl+0x73/0xb0 [ 223.136295][ T8973] do_syscall_64+0xfa/0x760 [ 223.140779][ T8973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.146652][ T8973] [ 223.148962][ T8973] The buggy address belongs to the object at ffff88808df93e00 [ 223.148962][ T8973] which belongs to the cache kmalloc-256 of size 256 [ 223.163009][ T8973] The buggy address is located 120 bytes inside of [ 223.163009][ T8973] 256-byte region [ffff88808df93e00, ffff88808df93f00) [ 223.176255][ T8973] The buggy address belongs to the page: [ 223.181978][ T8973] page:ffffea000237e4c0 refcount:1 mapcount:0 mapping:ffff8880aa4008c0 index:0x0 [ 223.191066][ T8973] flags: 0x1fffc0000000200(slab) [ 223.195988][ T8973] raw: 01fffc0000000200 ffffea00023e2e88 ffff8880aa401648 ffff8880aa4008c0 [ 223.204675][ T8973] raw: 0000000000000000 ffff88808df93000 0000000100000008 0000000000000000 [ 223.213235][ T8973] page dumped because: kasan: bad access detected [ 223.219624][ T8973] [ 223.221931][ T8973] Memory state around the buggy address: [ 223.227891][ T8973] ffff88808df93d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 223.235934][ T8973] ffff88808df93d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 223.243989][ T8973] >ffff88808df93e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 223.252028][ T8973] ^ [ 223.259986][ T8973] ffff88808df93e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 223.268028][ T8973] ffff88808df93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 223.276078][ T8973] ================================================================== [ 223.284127][ T8973] Disabling lock debugging due to kernel taint [ 223.299893][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.319170][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.331708][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 223.344726][ T8915] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.376064][ T8913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.398530][ T8909] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.406235][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.414241][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.429520][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.447279][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.450668][ T8973] Kernel panic - not syncing: panic_on_warn set ... [ 223.461892][ T8973] CPU: 0 PID: 8973 Comm: syz-executor.1 Tainted: G B 5.4.0-rc6-next-20191111 #0 [ 223.462657][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.472217][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.472223][ T8973] Call Trace: [ 223.472245][ T8973] dump_stack+0x197/0x210 [ 223.472257][ T8973] panic+0x2e3/0x75c [ 223.472267][ T8973] ? add_taint.cold+0x16/0x16 [ 223.472282][ T8973] ? snd_timer_open+0x100a/0x1150 [ 223.472303][ T8973] ? preempt_schedule+0x4b/0x60 [ 223.479377][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.489383][ T8973] ? ___preempt_schedule+0x16/0x18 [ 223.489397][ T8973] ? trace_hardirqs_on+0x5e/0x240 [ 223.489418][ T8973] ? snd_timer_open+0x100a/0x1150 [ 223.493852][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.497006][ T8973] end_report+0x47/0x4f [ 223.497023][ T8973] ? snd_timer_open+0x100a/0x1150 [ 223.497034][ T8973] __kasan_report.cold+0xe/0x41 [ 223.497047][ T8973] ? __sanitizer_cov_trace_cmp2+0x10/0x20 [ 223.497059][ T8973] ? snd_timer_open+0x100a/0x1150 [ 223.497072][ T8973] kasan_report+0x12/0x20 [ 223.497086][ T8973] __asan_report_load8_noabort+0x14/0x20 [ 223.497099][ T8973] snd_timer_open+0x100a/0x1150 [ 223.497114][ T8973] ? snd_timer_close_locked+0xbd0/0xbd0 [ 223.497127][ T8973] ? kstrdup+0x5a/0x70 [ 223.497141][ T8973] __snd_timer_user_ioctl.isra.0+0x7ed/0x2070 [ 223.497154][ T8973] ? snd_timer_user_open+0x190/0x190 [ 223.497167][ T8973] ? lock_acquire+0x190/0x410 [ 223.497179][ T8973] ? snd_timer_user_ioctl+0x51/0xa7 [ 223.497194][ T8973] ? __mutex_lock+0x458/0x13c0 [ 223.497206][ T8973] ? snd_timer_user_ioctl+0x51/0xa7 [ 223.497218][ T8973] ? tomoyo_path_number_perm+0x454/0x520 [ 223.497228][ T8973] ? mutex_trylock+0x2f0/0x2f0 [ 223.497241][ T8973] ? tomoyo_path_number_perm+0x25e/0x520 [ 223.497255][ T8973] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 223.497273][ T8973] snd_timer_user_ioctl+0x7a/0xa7 [ 223.497292][ T8973] ? snd_timer_user_ioctl_compat+0x680/0x680 [ 223.501418][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.505926][ T8973] do_vfs_ioctl+0x977/0x14e0 [ 223.505940][ T8973] ? compat_ioctl_preallocate+0x220/0x220 [ 223.505951][ T8973] ? __fget+0x37f/0x550 [ 223.505964][ T8973] ? ksys_dup3+0x3e0/0x3e0 [ 223.505975][ T8973] ? nsecs_to_jiffies+0x30/0x30 [ 223.505988][ T8973] ? tomoyo_file_ioctl+0x23/0x30 [ 223.505999][ T8973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.506011][ T8973] ? security_file_ioctl+0x8d/0xc0 [ 223.506024][ T8973] ksys_ioctl+0xab/0xd0 [ 223.506036][ T8973] __x64_sys_ioctl+0x73/0xb0 [ 223.506051][ T8973] do_syscall_64+0xfa/0x760 [ 223.506067][ T8973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.506077][ T8973] RIP: 0033:0x45a219 [ 223.506090][ T8973] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.506102][ T8973] RSP: 002b:00007f598dbb0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 223.515571][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.516230][ T8973] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219 [ 223.774790][ T8973] RDX: 0000000020001000 RSI: 0000000040345410 RDI: 0000000000000003 [ 223.782828][ T8973] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 223.790781][ T8973] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f598dbb16d4 [ 223.798744][ T8973] R13: 00000000004cf428 R14: 00000000004d9760 R15: 00000000ffffffff [ 223.808039][ T8973] Kernel Offset: disabled [ 223.812624][ T8973] Rebooting in 86400 seconds..