[ 57.579852][ T26] audit: type=1800 audit(1576911733.826:28): pid=7776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 57.971297][ T7844] sshd (7844) used greatest stack depth: 10136 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 58.192984][ T26] audit: type=1800 audit(1576911734.546:29): pid=7776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 58.212968][ T26] audit: type=1800 audit(1576911734.546:30): pid=7776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. 2019/12/21 07:02:24 fuzzer started 2019/12/21 07:02:25 dialing manager at 10.128.0.105:34305 2019/12/21 07:02:25 syscalls: 2690 2019/12/21 07:02:25 code coverage: enabled 2019/12/21 07:02:25 comparison tracing: enabled 2019/12/21 07:02:25 extra coverage: enabled 2019/12/21 07:02:25 setuid sandbox: enabled 2019/12/21 07:02:25 namespace sandbox: enabled 2019/12/21 07:02:25 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/21 07:02:25 fault injection: enabled 2019/12/21 07:02:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/21 07:02:25 net packet injection: enabled 2019/12/21 07:02:25 net device setup: enabled 2019/12/21 07:02:25 concurrency sanitizer: enabled 2019/12/21 07:02:25 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 70.445710][ T7947] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/21 07:02:35 adding functions to KCSAN blacklist: 'tick_nohz_idle_stop_tick' 'ext4_da_write_end' '__rcu_read_unlock' 'poll_schedule_timeout' 'ns_capable_common' 'fasync_remove_entry' 'tick_sched_do_timer' '__snd_rawmidi_transmit_ack' 'generic_fillattr' 'page_counter_try_charge' 'add_timer' 'blk_mq_run_hw_queue' 'ext4_free_inode' 'mod_timer' 'taskstats_exit' 'ext4_free_inodes_count' 'mm_update_next_owner' 'pid_update_inode' 'do_syslog' 'wbt_issue' 'lruvec_lru_size' 'xas_clear_mark' 'find_next_bit' 'rcu_gp_fqs_check_wake' 'tomoyo_supervisor' 'generic_write_end' 'futex_wait_queue_me' 'ext4_has_free_clusters' 'n_tty_receive_buf_common' 'ktime_get_real_seconds' 'do_nanosleep' 'netlink_deliver_tap' 'echo_char' 'exit_signals' 'virtqueue_enable_cb_delayed' 'ext4_nonda_switch' 'blk_mq_get_request' 'vti_tunnel_xmit' '__ext4_new_inode' 'skb_dequeue' 'blk_mq_dispatch_rq_list' 'vm_area_dup' 'copy_process' 'generic_update_time' 'pcpu_alloc' 'do_try_to_free_pages' 'tick_do_update_jiffies64' '__mark_inode_dirty' 'kauditd_thread' 'xas_find_marked' 'do_signal_stop' 'd_instantiate_new' 'find_get_pages_range_tag' 'ep_poll' 'wbt_done' 'timer_clear_idle' 'generic_file_read_iter' 'run_timer_softirq' 'blk_mq_sched_dispatch_requests' '__perf_event_overflow' 'ext4_mb_find_by_goal' '__hrtimer_run_queues' 'dd_has_work' 'iomap_dio_bio_actor' 'list_lru_add' 'tomoyo_check_path_acl' 07:05:22 executing program 0: syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000018000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) 07:05:23 executing program 1: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000100), 0xe) listen(r0, 0x0) accept$ax25(r0, 0x0, 0x0) [ 246.616914][ T7951] IPVS: ftp: loaded support on port[0] = 21 [ 246.716473][ T7951] chnl_net:caif_netlink_parms(): no params data found [ 246.753390][ T7951] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.761065][ T7951] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.768818][ T7951] device bridge_slave_0 entered promiscuous mode [ 246.776462][ T7951] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.784300][ T7951] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.792471][ T7951] device bridge_slave_1 entered promiscuous mode [ 246.811963][ T7951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.823003][ T7951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.842923][ T7951] team0: Port device team_slave_0 added [ 246.850197][ T7951] team0: Port device team_slave_1 added [ 246.863997][ T7954] IPVS: ftp: loaded support on port[0] = 21 07:05:23 executing program 2: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1a000}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ppoll(&(0x7f0000000400)=[{r0}], 0x1, &(0x7f0000000440)={0x0, 0x989680}, 0x0, 0x0) [ 246.902415][ T7951] device hsr_slave_0 entered promiscuous mode [ 246.940714][ T7951] device hsr_slave_1 entered promiscuous mode [ 247.017394][ T7951] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 247.085743][ T7951] netdevsim netdevsim0 netdevsim1: renamed from eth1 07:05:23 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2d, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) [ 247.160535][ T7956] IPVS: ftp: loaded support on port[0] = 21 [ 247.170067][ T7951] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 247.222565][ T7951] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 247.344806][ T7954] chnl_net:caif_netlink_parms(): no params data found [ 247.370668][ T7951] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.377730][ T7951] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.385029][ T7951] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.392087][ T7951] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.409026][ T7959] IPVS: ftp: loaded support on port[0] = 21 07:05:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x6900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000380)) ptrace(0x10, r2) ptrace$cont(0x18, r2, 0x0, 0x0) [ 247.464224][ T7954] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.473224][ T7954] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.482412][ T7954] device bridge_slave_0 entered promiscuous mode [ 247.517594][ T7954] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.524860][ T7954] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.534076][ T7954] device bridge_slave_1 entered promiscuous mode [ 247.600809][ T7954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.621221][ T7954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.652022][ T7951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.732728][ T7954] team0: Port device team_slave_0 added [ 247.740983][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.759957][ T2652] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.767920][ T2652] bridge0: port 2(bridge_slave_1) entered disabled state 07:05:24 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="06"], 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x13, &(0x7f00000001c0), 0x4) [ 247.791331][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 247.806021][ T7951] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.818120][ T7963] IPVS: ftp: loaded support on port[0] = 21 [ 247.834198][ T7954] team0: Port device team_slave_1 added [ 247.856982][ T7956] chnl_net:caif_netlink_parms(): no params data found [ 247.941961][ T7954] device hsr_slave_0 entered promiscuous mode [ 248.000155][ T7954] device hsr_slave_1 entered promiscuous mode [ 248.039854][ T7954] debugfs: Directory 'hsr0' with parent '/' already present! [ 248.047389][ T7959] chnl_net:caif_netlink_parms(): no params data found [ 248.062680][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 248.071173][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 248.079713][ T2652] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.086782][ T2652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.094778][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 248.103465][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 248.112044][ T2652] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.119061][ T2652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.126951][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 248.157099][ T7951] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 248.167582][ T7951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 248.202540][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.205042][ T7968] IPVS: ftp: loaded support on port[0] = 21 [ 248.211789][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.226099][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.235134][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 248.243845][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 248.252820][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 248.261319][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 248.270068][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 248.278608][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 248.287295][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 248.295536][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 248.321084][ T7956] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.328131][ T7956] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.337412][ T7956] device bridge_slave_0 entered promiscuous mode [ 248.344767][ T7956] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.351867][ T7956] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.359481][ T7956] device bridge_slave_1 entered promiscuous mode [ 248.367993][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.375059][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.383051][ T7959] device bridge_slave_0 entered promiscuous mode [ 248.415331][ T7956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.427250][ T7956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.436907][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.444040][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.451934][ T7959] device bridge_slave_1 entered promiscuous mode [ 248.465296][ T7954] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 248.522226][ T7954] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 248.581590][ T7954] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 248.632463][ T7956] team0: Port device team_slave_0 added [ 248.638199][ T7954] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 248.715819][ T7951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.725198][ T7956] team0: Port device team_slave_1 added [ 248.733148][ T7959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.747938][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 248.755502][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 248.789456][ T7959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.831175][ T7959] team0: Port device team_slave_0 added [ 248.853122][ T7963] chnl_net:caif_netlink_parms(): no params data found [ 248.891688][ T7956] device hsr_slave_0 entered promiscuous mode [ 248.893905][ T7972] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 248.905929][ T7972] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 248.914683][ T7972] F2FS-fs (loop0): Fix alignment : done, start(5120) end(13312) block(7168) [ 248.923892][ T7972] attempt to access beyond end of device [ 248.929583][ T7972] loop0: rw=12288, want=8200, limit=20 [ 248.930044][ T7956] device hsr_slave_1 entered promiscuous mode [ 248.935328][ T7972] attempt to access beyond end of device [ 248.946965][ T7972] loop0: rw=12288, want=12296, limit=20 [ 248.952759][ T7972] F2FS-fs (loop0): Failed to get valid F2FS checkpoint [ 248.960582][ T7956] debugfs: Directory 'hsr0' with parent '/' already present! [ 248.985132][ T7959] team0: Port device team_slave_1 added [ 249.008946][ T7972] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 249.012619][ T7956] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 249.023472][ T7972] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 249.032296][ T7972] F2FS-fs (loop0): Fix alignment : done, start(5120) end(13312) block(7168) [ 249.041199][ T7972] attempt to access beyond end of device [ 249.049463][ T7972] loop0: rw=12288, want=8200, limit=20 [ 249.055300][ T7972] attempt to access beyond end of device [ 249.061003][ T7972] loop0: rw=12288, want=12296, limit=20 [ 249.079596][ T7972] F2FS-fs (loop0): Failed to get valid F2FS checkpoint [ 249.101850][ T7959] device hsr_slave_0 entered promiscuous mode 07:05:25 executing program 0: syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000018000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) [ 249.140296][ T7959] device hsr_slave_1 entered promiscuous mode [ 249.179828][ T7959] debugfs: Directory 'hsr0' with parent '/' already present! [ 249.196206][ T7956] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 249.223340][ T7981] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 249.232437][ T7981] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 249.255293][ T7981] F2FS-fs (loop0): Fix alignment : done, start(5120) end(13312) block(7168) [ 249.265236][ T7956] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 249.279898][ T7981] attempt to access beyond end of device [ 249.285583][ T7981] loop0: rw=12288, want=8200, limit=20 [ 249.291123][ T7981] attempt to access beyond end of device [ 249.304062][ T7981] loop0: rw=12288, want=12296, limit=20 [ 249.311867][ T7956] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 249.318616][ T7981] F2FS-fs (loop0): Failed to get valid F2FS checkpoint 07:05:25 executing program 0: syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000018000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) [ 249.388542][ T7968] chnl_net:caif_netlink_parms(): no params data found [ 249.410076][ T7963] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.417148][ T7963] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.430520][ T7963] device bridge_slave_0 entered promiscuous mode [ 249.473411][ T7968] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.480521][ T7968] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.488204][ T7968] device bridge_slave_0 entered promiscuous mode [ 249.495439][ T7988] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 249.500623][ T7954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 249.509933][ T7988] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 249.518911][ T7988] F2FS-fs (loop0): Fix alignment : done, start(5120) end(13312) block(7168) [ 249.528517][ T7963] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.535797][ T7963] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.543766][ T7988] attempt to access beyond end of device [ 249.550467][ T7963] device bridge_slave_1 entered promiscuous mode [ 249.557292][ T7988] loop0: rw=12288, want=8200, limit=20 [ 249.566678][ T7988] attempt to access beyond end of device [ 249.581260][ T7968] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.588310][ T7968] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.595912][ T7988] loop0: rw=12288, want=12296, limit=20 [ 249.600619][ T7968] device bridge_slave_1 entered promiscuous mode [ 249.601543][ T7988] F2FS-fs (loop0): Failed to get valid F2FS checkpoint [ 249.622250][ T7959] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 249.671990][ T7959] netdevsim netdevsim3 netdevsim1: renamed from eth1 07:05:26 executing program 0: syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000018000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) [ 249.717735][ T7963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.728341][ T7968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.760376][ T7959] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 249.770700][ T7993] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 249.778896][ T7993] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 249.787526][ T7993] F2FS-fs (loop0): Fix alignment : done, start(5120) end(13312) block(7168) [ 249.798600][ T7959] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 249.799959][ T7993] attempt to access beyond end of device [ 249.816642][ T7993] loop0: rw=12288, want=8200, limit=20 [ 249.822698][ T7993] attempt to access beyond end of device [ 249.829061][ T7993] loop0: rw=12288, want=12296, limit=20 [ 249.835076][ T7993] F2FS-fs (loop0): Failed to get valid F2FS checkpoint [ 249.853837][ T7963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.864391][ T7968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.880958][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 249.890298][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.899585][ T7954] 8021q: adding VLAN 0 to HW filter on device team0 07:05:26 executing program 0: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x10d, 0xc, 0x0, &(0x7f0000000100)=0x300) [ 249.975609][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.986121][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.997728][ T7965] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.004926][ T7965] bridge0: port 1(bridge_slave_0) entered forwarding state 07:05:26 executing program 0: mmap(&(0x7f000010e000/0x3000)=nil, 0x3000, 0x0, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/163) [ 250.030550][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.039171][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.059735][ T7965] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.066812][ T7965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.087583][ T7968] team0: Port device team_slave_0 added [ 250.098392][ T7968] team0: Port device team_slave_1 added [ 250.118562][ T7956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.126878][ T7963] team0: Port device team_slave_0 added [ 250.134583][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.142603][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 250.151696][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 250.160496][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 250.168874][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 250.178383][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 07:05:26 executing program 0: mmap(&(0x7f000010e000/0x3000)=nil, 0x3000, 0x0, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/163) [ 250.201992][ T7963] team0: Port device team_slave_1 added [ 250.214884][ T7956] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.262081][ T7968] device hsr_slave_0 entered promiscuous mode [ 250.300396][ T7968] device hsr_slave_1 entered promiscuous mode [ 250.349832][ T7968] debugfs: Directory 'hsr0' with parent '/' already present! [ 250.361047][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 250.369593][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 250.378203][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 250.386726][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 250.395450][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.403152][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 250.411081][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 250.419366][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 250.441156][ T7954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 07:05:26 executing program 0: mmap(&(0x7f000010e000/0x3000)=nil, 0x3000, 0x0, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/163) [ 250.479725][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.494821][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.513660][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.520754][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.537222][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.545875][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.556696][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.563757][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.572021][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.586948][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 250.596174][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 250.605421][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 250.614069][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 250.662472][ T7963] device hsr_slave_0 entered promiscuous mode [ 250.690417][ T7963] device hsr_slave_1 entered promiscuous mode [ 250.729919][ T7963] debugfs: Directory 'hsr0' with parent '/' already present! [ 250.743452][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.753426][ T7968] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 250.815631][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 250.824144][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 250.833070][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 250.854169][ T7959] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.866063][ T7968] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 250.924049][ T7968] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 250.979595][ T7954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 250.991651][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.999242][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 251.007450][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 251.016160][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 251.024692][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 251.033526][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.042068][ T7965] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.049448][ T7965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.057696][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.066254][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 251.074709][ T7965] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.081945][ T7965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.089912][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 251.097567][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 251.105015][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 251.113807][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 251.123015][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 251.131456][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 251.140106][ T7965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.151780][ T7968] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 251.204800][ T7963] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 251.243679][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 251.257866][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 251.266758][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.275822][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 251.284242][ T7963] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 251.345153][ T7963] netdevsim netdevsim4 netdevsim2: renamed from eth2 07:05:27 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000900000000000000000800819500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001640)={0xffffffffffffffff}) sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000400)={&(0x7f0000000280), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14}, 0x5580}}, 0x0) recvmmsg(r3, &(0x7f0000004540)=[{{0x0, 0x534, &(0x7f0000001580)=[{&(0x7f0000000100)=""/99, 0x63}], 0x1}}], 0x600, 0x0, 0x0) [ 251.399358][ T7963] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 251.432702][ T8019] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 251.465653][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 251.483690][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 251.506062][ T7959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 251.516802][ T2567] ================================================================== [ 251.517769][ T7959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 251.524898][ T2567] BUG: KCSAN: data-race in kcm_rcv_strparser / kcm_rfree [ 251.524901][ T2567] [ 251.524918][ T2567] read to 0xffff8880a9723f38 of 1 bytes by task 8019 on cpu 0: [ 251.524932][ T2567] kcm_rfree+0xf6/0x1e0 [ 251.524956][ T2567] skb_release_head_state+0xb8/0x180 [ 251.561552][ T2567] skb_release_all+0x1f/0x60 [ 251.566147][ T2567] kfree_skb+0x98/0x210 [ 251.567853][ T7963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.570302][ T2567] kcm_recvmsg+0x2d1/0x320 [ 251.570321][ T2567] ____sys_recvmsg+0x387/0x3a0 [ 251.570380][ T2567] ___sys_recvmsg+0xb2/0x100 [ 251.584265][ T7963] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.586100][ T2567] do_recvmmsg+0x19a/0x5c0 [ 251.586113][ T2567] __sys_recvmmsg+0x1ef/0x200 [ 251.586126][ T2567] __x64_sys_recvmmsg+0x89/0xb0 [ 251.586146][ T2567] do_syscall_64+0xcc/0x3a0 [ 251.586175][ T2567] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 251.608830][ T7963] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 251.611288][ T2567] [ 251.611305][ T2567] write to 0xffff8880a9723f38 of 1 bytes by task 2567 on cpu 1: [ 251.611324][ T2567] kcm_rcv_strparser+0x38d/0x4c0 [ 251.611346][ T2567] __strp_recv+0x348/0xf50 [ 251.615887][ T7963] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 251.621729][ T2567] strp_recv+0x84/0xa0 [ 251.621747][ T2567] tcp_read_sock+0x174/0x640 [ 251.621760][ T2567] strp_read_sock+0xd4/0x140 [ 251.621783][ T2567] strp_work+0x9a/0xe0 [ 251.644225][ T7963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.647141][ T2567] process_one_work+0x3d4/0x890 [ 251.647166][ T2567] worker_thread+0xa0/0x800 [ 251.684243][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.685928][ T2567] kthread+0x1d4/0x200 [ 251.685957][ T2567] ret_from_fork+0x1f/0x30 [ 251.693192][ T7956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.695277][ T2567] [ 251.706214][ T7968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.710595][ T2567] Reported by Kernel Concurrency Sanitizer on: [ 251.710619][ T2567] CPU: 1 PID: 2567 Comm: kworker/u4:4 Not tainted 5.5.0-rc1-syzkaller #0 [ 251.710628][ T2567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.710654][ T2567] Workqueue: kstrp strp_work [ 251.737329][ T7968] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.740828][ T2567] ================================================================== [ 251.740837][ T2567] Kernel panic - not syncing: panic_on_warn set ... [ 251.740857][ T2567] CPU: 1 PID: 2567 Comm: kworker/u4:4 Not tainted 5.5.0-rc1-syzkaller #0 [ 251.740866][ T2567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.740890][ T2567] Workqueue: kstrp strp_work [ 251.772752][ T7968] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 251.776806][ T2567] Call Trace: [ 251.776830][ T2567] dump_stack+0x11d/0x181 [ 251.776896][ T2567] panic+0x210/0x640 [ 251.785360][ T7968] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 251.795356][ T2567] ? vprintk_func+0x8d/0x140 [ 251.795377][ T2567] kcsan_report.cold+0xc/0xd [ 251.795397][ T2567] kcsan_setup_watchpoint+0x3fe/0x460 [ 251.795419][ T2567] __tsan_unaligned_write1+0xc3/0x100 [ 251.795437][ T2567] kcm_rcv_strparser+0x38d/0x4c0 [ 251.795488][ T2567] __strp_recv+0x348/0xf50 [ 251.814042][ T7968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.818167][ T2567] strp_recv+0x84/0xa0 [ 251.818228][ T2567] tcp_read_sock+0x174/0x640 [ 251.877700][ T2567] ? strp_process+0xa0/0xa0 [ 251.882228][ T2567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 251.888481][ T2567] ? tcp_recvmsg+0x1c90/0x1c90 [ 251.893264][ T2567] strp_read_sock+0xd4/0x140 [ 251.897866][ T2567] ? lock_sock_nested+0x8a/0xb0 [ 251.902752][ T2567] strp_work+0x9a/0xe0 [ 251.906858][ T2567] process_one_work+0x3d4/0x890 [ 251.911721][ T2567] worker_thread+0xa0/0x800 [ 251.916218][ T2567] kthread+0x1d4/0x200 [ 251.920288][ T2567] ? rescuer_thread+0x6a0/0x6a0 [ 251.925129][ T2567] ? kthread_unpark+0xe0/0xe0 [ 251.929846][ T2567] ret_from_fork+0x1f/0x30 [ 251.935501][ T2567] Kernel Offset: disabled [ 251.939836][ T2567] Rebooting in 86400 seconds..