Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. 2020/09/21 21:03:07 fuzzer started 2020/09/21 21:03:07 dialing manager at 10.128.0.105:33267 2020/09/21 21:03:08 syscalls: 3337 2020/09/21 21:03:08 code coverage: enabled 2020/09/21 21:03:08 comparison tracing: enabled 2020/09/21 21:03:08 extra coverage: enabled 2020/09/21 21:03:08 setuid sandbox: enabled 2020/09/21 21:03:08 namespace sandbox: enabled 2020/09/21 21:03:08 Android sandbox: /sys/fs/selinux/policy does not exist 2020/09/21 21:03:08 fault injection: enabled 2020/09/21 21:03:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/21 21:03:08 net packet injection: enabled 2020/09/21 21:03:08 net device setup: enabled 2020/09/21 21:03:08 concurrency sanitizer: enabled 2020/09/21 21:03:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/21 21:03:08 USB emulation: enabled 2020/09/21 21:03:08 hci packet injection: enabled 2020/09/21 21:03:10 suppressing KCSAN reports in functions: 'n_tty_receive_buf_common' 'blk_mq_dispatch_rq_list' 'futex_wait_queue_me' '__xa_clear_mark' 'ext4_free_inode' 'blk_mq_rq_ctx_init' 'ext4_writepages' 'alloc_pid' '__ext4_new_inode' 'snd_rawmidi_kernel_write1' 'do_nanosleep' 'blk_mq_sched_dispatch_requests' 'blk_mq_do_dispatch_sched' '__mark_inode_dirty' 'ext4_free_inodes_count' 21:03:19 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:19 executing program 1: unshare(0x40400) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x123002, 0x0) ioctl$int_in(r0, 0xc0045009, &(0x7f00000000c0)=0x10) 21:03:19 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x21, 0x0, 0x2) 21:03:19 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bond0\x00', 0x10) connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000000540), 0x187, 0x0) 21:03:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) 21:03:20 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syzkaller login: [ 46.297222][ T8707] IPVS: ftp: loaded support on port[0] = 21 [ 46.354503][ T8707] chnl_net:caif_netlink_parms(): no params data found [ 46.383444][ T8707] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.390930][ T8707] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.405125][ T8707] device bridge_slave_0 entered promiscuous mode [ 46.412678][ T8707] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.419830][ T8707] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.427364][ T8707] device bridge_slave_1 entered promiscuous mode [ 46.451104][ T8707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.469331][ T8707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.484290][ T8709] IPVS: ftp: loaded support on port[0] = 21 [ 46.485915][ T8707] team0: Port device team_slave_0 added [ 46.497132][ T8707] team0: Port device team_slave_1 added [ 46.514569][ T8707] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.521621][ T8707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.548151][ T8707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.562853][ T8707] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.571000][ T8707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.605297][ T8707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.646582][ T8711] IPVS: ftp: loaded support on port[0] = 21 [ 46.661672][ T8707] device hsr_slave_0 entered promiscuous mode [ 46.668465][ T8707] device hsr_slave_1 entered promiscuous mode [ 46.704221][ T8709] chnl_net:caif_netlink_parms(): no params data found [ 46.778000][ T8713] IPVS: ftp: loaded support on port[0] = 21 [ 46.828601][ T8709] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.835740][ T8709] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.844764][ T8709] device bridge_slave_0 entered promiscuous mode [ 46.853365][ T8709] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.860768][ T8709] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.868908][ T8709] device bridge_slave_1 entered promiscuous mode [ 46.915639][ T8711] chnl_net:caif_netlink_parms(): no params data found [ 46.930489][ T8715] IPVS: ftp: loaded support on port[0] = 21 [ 46.938688][ T8707] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.949149][ T8707] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.958372][ T8709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.967405][ T8707] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.003724][ T8707] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.036203][ T8709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.061095][ T8709] team0: Port device team_slave_0 added [ 47.068375][ T8709] team0: Port device team_slave_1 added [ 47.104206][ T8713] chnl_net:caif_netlink_parms(): no params data found [ 47.129917][ T8717] IPVS: ftp: loaded support on port[0] = 21 [ 47.140807][ T8709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.154622][ T8709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.180966][ T8709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.196620][ T8709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.204055][ T8709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.230335][ T8709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.265829][ T8711] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.273328][ T8711] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.281136][ T8711] device bridge_slave_0 entered promiscuous mode [ 47.292311][ T8707] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.299351][ T8707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.306606][ T8707] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.313628][ T8707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.339357][ T8715] chnl_net:caif_netlink_parms(): no params data found [ 47.350242][ T8711] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.357269][ T8711] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.364828][ T8711] device bridge_slave_1 entered promiscuous mode [ 47.389418][ T5074] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.396943][ T5074] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.411119][ T8711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.422894][ T8709] device hsr_slave_0 entered promiscuous mode [ 47.429505][ T8709] device hsr_slave_1 entered promiscuous mode [ 47.435936][ T8709] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.443631][ T8709] Cannot create hsr debugfs directory [ 47.459407][ T8711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.522407][ T8715] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.530708][ T8715] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.538777][ T8715] device bridge_slave_0 entered promiscuous mode [ 47.545761][ T8713] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.552949][ T8713] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.560573][ T8713] device bridge_slave_0 entered promiscuous mode [ 47.567812][ T8711] team0: Port device team_slave_0 added [ 47.573407][ T8713] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.580488][ T8713] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.588074][ T8713] device bridge_slave_1 entered promiscuous mode [ 47.602826][ T8713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.615871][ T8713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.626556][ T8715] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.633802][ T8715] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.641319][ T8715] device bridge_slave_1 entered promiscuous mode [ 47.648534][ T8711] team0: Port device team_slave_1 added [ 47.686630][ T8713] team0: Port device team_slave_0 added [ 47.706578][ T8715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.724297][ T8713] team0: Port device team_slave_1 added [ 47.730516][ T8711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.738192][ T8711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.764689][ T8711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.776743][ T8715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.794008][ T8715] team0: Port device team_slave_0 added [ 47.800021][ T8717] chnl_net:caif_netlink_parms(): no params data found [ 47.809062][ T8709] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.820460][ T8711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.827456][ T8711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.857006][ T8711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.868771][ T8715] team0: Port device team_slave_1 added [ 47.892005][ T8709] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.901771][ T8707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.915668][ T8715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.922755][ T8715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.949851][ T8715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.960911][ T8713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.968608][ T8713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.994742][ T8713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.005707][ T8709] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.020170][ T8709] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.033614][ T8715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.040610][ T8715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.066985][ T8715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.078116][ T8713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.085043][ T8713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.111119][ T8713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.131173][ T8707] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.150556][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.159198][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.168692][ T8711] device hsr_slave_0 entered promiscuous mode [ 48.175091][ T8711] device hsr_slave_1 entered promiscuous mode [ 48.181630][ T8711] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.189297][ T8711] Cannot create hsr debugfs directory [ 48.213522][ T8717] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.220789][ T8717] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.228644][ T8717] device bridge_slave_0 entered promiscuous mode [ 48.240694][ T8717] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.249111][ T8717] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.256445][ T8717] device bridge_slave_1 entered promiscuous mode [ 48.264831][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.273579][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.281795][ T5074] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.288896][ T5074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.296767][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.305248][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.313547][ T5074] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.320616][ T5074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.328325][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.347453][ T9123] Bluetooth: hci0: command 0x0409 tx timeout [ 48.361664][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.370579][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.379290][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.388031][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.396260][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.404854][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.414532][ T8715] device hsr_slave_0 entered promiscuous mode [ 48.421508][ T8715] device hsr_slave_1 entered promiscuous mode [ 48.428589][ T8715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.436122][ T8715] Cannot create hsr debugfs directory [ 48.443183][ T8713] device hsr_slave_0 entered promiscuous mode [ 48.449698][ T8713] device hsr_slave_1 entered promiscuous mode [ 48.456082][ T8713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.464161][ T8713] Cannot create hsr debugfs directory [ 48.477406][ T4016] Bluetooth: hci1: command 0x0409 tx timeout [ 48.492395][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.501153][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.509811][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.518414][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.538669][ T8717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.549025][ T8707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.557164][ T8717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.577948][ T8709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.594012][ T8717] team0: Port device team_slave_0 added [ 48.601471][ T8717] team0: Port device team_slave_1 added [ 48.630954][ T8711] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.645267][ T8711] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.649335][ T49] Bluetooth: hci2: command 0x0409 tx timeout [ 48.662233][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.670295][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.680716][ T8709] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.697948][ T8711] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.710430][ T8717] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.717795][ T8717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.745446][ T8717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.760154][ T8711] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.776532][ T8707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.785851][ T8717] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.792834][ T8717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.818728][ T9123] Bluetooth: hci3: command 0x0409 tx timeout [ 48.824917][ T8717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.836200][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.846211][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.854693][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.861719][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.869715][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.877085][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.884504][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.892879][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.910962][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.918115][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.925908][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.941174][ T8715] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 48.950874][ T8715] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 48.957331][ T5074] Bluetooth: hci4: command 0x0409 tx timeout [ 48.965696][ T8715] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 48.990013][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.997767][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.017308][ T8717] device hsr_slave_0 entered promiscuous mode [ 49.023743][ T8717] device hsr_slave_1 entered promiscuous mode [ 49.030893][ T8717] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.038624][ T8717] Cannot create hsr debugfs directory [ 49.044477][ T8715] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 49.065942][ T8709] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.077193][ T8709] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.088514][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.096791][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.105999][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.114774][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.123485][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.131816][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.140894][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.149242][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.157248][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.165644][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.173354][ T9123] Bluetooth: hci5: command 0x0409 tx timeout [ 49.207837][ T8713] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 49.218196][ T8713] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 49.227512][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.236064][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.245005][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.252667][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.262418][ T8711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.274391][ T8709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.282835][ T8713] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 49.292576][ T8713] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 49.307884][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.316013][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.326932][ T8707] device veth0_vlan entered promiscuous mode [ 49.354507][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.365552][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.375402][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.384313][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.405386][ T8711] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.420815][ T8707] device veth1_vlan entered promiscuous mode [ 49.430093][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 49.438313][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.445731][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.453493][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.462102][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.470576][ T9123] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.477614][ T9123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.486000][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.494112][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.504030][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.512768][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.520592][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.532802][ T8709] device veth0_vlan entered promiscuous mode [ 49.548769][ T8715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.555789][ T8717] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 49.577784][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.586153][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.596561][ T3963] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.603601][ T3963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.612632][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.621343][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.634528][ T8709] device veth1_vlan entered promiscuous mode [ 49.641789][ T8717] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 49.658138][ T8717] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 49.670020][ T8715] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.677257][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.685654][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.697774][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.705944][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.714881][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.722647][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.730902][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.744702][ T8711] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.756192][ T8711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.769299][ T8717] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 49.782981][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.791276][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.799957][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.808583][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.816658][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.825210][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.833742][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.855015][ T8707] device veth0_macvtap entered promiscuous mode [ 49.870079][ T8713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.879404][ T8707] device veth1_macvtap entered promiscuous mode [ 49.887058][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 49.896669][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.904540][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.913591][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.921272][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.929822][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.938052][ T5074] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.945081][ T5074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.952812][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.961398][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.969729][ T5074] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.976951][ T5074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.985535][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.005745][ T8713] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.014052][ T8711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.027762][ T8709] device veth0_macvtap entered promiscuous mode [ 50.034597][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.043883][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.051755][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.059446][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.067911][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.076262][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 50.105288][ T8707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.127636][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.135961][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.144485][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.151540][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.159850][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.168360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.176485][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.183533][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.191374][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.200263][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.208949][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 50.217471][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.225854][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.234258][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.242998][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.251650][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.260251][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.268789][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.277066][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.285580][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.293755][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.302006][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.309958][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.321873][ T8709] device veth1_macvtap entered promiscuous mode [ 50.330392][ T8717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.346765][ T8707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.355088][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 50.364578][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.373058][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.382595][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.390328][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.397190][ T5074] Bluetooth: hci0: command 0x041b tx timeout [ 50.400052][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.412465][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.422366][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.437999][ T8717] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.446056][ T8715] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.457057][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.468116][ T8707] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.476808][ T8707] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.487865][ T8707] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.496562][ T8707] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.507853][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.516074][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.524568][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.532945][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.541279][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.549524][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.557672][ T5074] Bluetooth: hci1: command 0x041b tx timeout [ 50.565075][ T8709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 50.576849][ T8709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.587771][ T8709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.600499][ T8713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.612171][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.624135][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 50.632341][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.641096][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.650246][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.659056][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.667476][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.675927][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.683911][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.693582][ T8709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 50.705180][ T8709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.715997][ T8709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.717188][ T5074] Bluetooth: hci2: command 0x041b tx timeout [ 50.731145][ T8715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.745827][ T8711] device veth0_vlan entered promiscuous mode [ 50.757423][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.765767][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.774513][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.781560][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.790222][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.799411][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.808279][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.815719][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.823403][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.832017][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.840375][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.847426][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.856276][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.865990][ T8709] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.875741][ T8709] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.884631][ T3963] Bluetooth: hci3: command 0x041b tx timeout [ 50.890765][ T8709] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.899574][ T8709] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.921134][ T8711] device veth1_vlan entered promiscuous mode [ 50.935093][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 50.943641][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.956463][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.985107][ T8717] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 50.995934][ T8717] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 51.023594][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 51.033195][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.042135][ T28] audit: type=1804 audit(1600722205.222:2): pid=10023 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir326187539/syzkaller.PJD7sw/0/bus" dev="sda1" ino=15741 res=1 errno=0 [ 51.066932][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.077806][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.086254][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.096724][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.105074][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.115649][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.124470][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.134472][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 51.142125][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 51.159812][ T8713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.168664][ T3963] Bluetooth: hci4: command 0x041b tx timeout [ 51.190849][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.204430][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.236166][ T3963] Bluetooth: hci5: command 0x041b tx timeout [ 51.249154][ T8711] device veth0_macvtap entered promiscuous mode [ 51.271683][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 51.282813][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 51.300276][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 51.332803][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.364340][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 21:03:25 executing program 1: unshare(0x40400) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x123002, 0x0) ioctl$int_in(r0, 0xc0045009, &(0x7f00000000c0)=0x10) [ 51.386088][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.412201][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 21:03:25 executing program 1: unshare(0x40400) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x123002, 0x0) ioctl$int_in(r0, 0xc0045009, &(0x7f00000000c0)=0x10) [ 51.439155][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.460904][ T8717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.507619][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 51.523843][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready 21:03:25 executing program 1: unshare(0x40400) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x123002, 0x0) ioctl$int_in(r0, 0xc0045009, &(0x7f00000000c0)=0x10) [ 51.558632][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.580320][ T8711] device veth1_macvtap entered promiscuous mode [ 51.590686][ T8715] device veth0_vlan entered promiscuous mode 21:03:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x5, 0x27, 0x6}]}, 0x28}}, 0x0) [ 51.609052][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.633021][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.675019][ T8715] device veth1_vlan entered promiscuous mode [ 51.711908][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 51.722485][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.754005][ T8713] device veth0_vlan entered promiscuous mode [ 51.764050][ T28] audit: type=1804 audit(1600722205.942:3): pid=10023 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir326187539/syzkaller.PJD7sw/0/bus" dev="sda1" ino=15741 res=1 errno=0 [ 51.776308][ T8711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 21:03:26 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) [ 51.797997][ T8711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.808840][ T8711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 51.820104][ T8711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.832297][ T8711] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 51.844563][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.853245][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.861268][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 51.870432][ T9123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.886724][ T8715] device veth0_macvtap entered promiscuous mode 21:03:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x5, 0x27, 0x6}]}, 0x28}}, 0x0) [ 51.899115][ T8711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 51.937214][ T8711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.956992][ T8711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 51.977218][ T8711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.997416][ T8711] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.004748][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 52.017018][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.031825][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 52.050980][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.076426][ T28] audit: type=1804 audit(1600722206.252:4): pid=10059 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir326187539/syzkaller.PJD7sw/1/bus" dev="sda1" ino=15741 res=1 errno=0 [ 52.100761][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 52.111225][ T8715] device veth1_macvtap entered promiscuous mode [ 52.122774][ T8713] device veth1_vlan entered promiscuous mode [ 52.144699][ T8711] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.167111][ T8711] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.175834][ T8711] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.184566][ T8711] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 21:03:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x5, 0x27, 0x6}]}, 0x28}}, 0x0) [ 52.238213][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 52.258921][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 52.285282][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 52.305860][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.326102][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 52.345745][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.379016][ T8717] device veth0_vlan entered promiscuous mode 21:03:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x5, 0x27, 0x6}]}, 0x28}}, 0x0) [ 52.398401][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 52.408712][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.434966][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.460685][ T8717] device veth1_vlan entered promiscuous mode [ 52.478278][ T9123] Bluetooth: hci0: command 0x040f tx timeout [ 52.486838][ T8713] device veth0_macvtap entered promiscuous mode [ 52.504320][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 52.517818][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 52.535508][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 52.559324][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.578281][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 52.600909][ T8715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 52.614345][ T8715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.625207][ T8715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 52.637429][ T9123] Bluetooth: hci1: command 0x040f tx timeout [ 52.637977][ T8715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.655499][ T8715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 52.667452][ T8715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.679704][ T8715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 52.701800][ T8713] device veth1_macvtap entered promiscuous mode [ 52.716041][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 52.731985][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.747268][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 52.755803][ T3963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.770039][ T8715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 52.796953][ T9123] Bluetooth: hci2: command 0x040f tx timeout [ 52.797240][ T8715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.834221][ T8715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 52.848600][ T8715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.860724][ T8715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 52.871675][ T8715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.883638][ T8715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.894366][ T8717] device veth0_macvtap entered promiscuous mode [ 52.916680][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 52.938642][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.949365][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 52.960350][ T3963] Bluetooth: hci3: command 0x040f tx timeout [ 52.966796][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.977773][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 52.989444][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.999778][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 53.011329][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.023274][ T8713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.031285][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 53.040613][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 53.050909][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.060371][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 53.071095][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.082468][ T8715] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.094717][ T8715] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.106630][ T8715] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.118371][ T8715] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.135264][ T8717] device veth1_macvtap entered promiscuous mode 21:03:27 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x21, 0x0, 0x2) [ 53.152509][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 53.163124][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.196996][ T4016] Bluetooth: hci4: command 0x040f tx timeout [ 53.200974][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 53.224932][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.246231][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 53.257522][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.267644][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 53.278599][ T4016] Bluetooth: hci5: command 0x040f tx timeout [ 53.284876][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.295081][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 53.305798][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.317132][ T8717] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.328977][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.339482][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.349573][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.360124][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.370072][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.380578][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.390403][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.400817][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.411651][ T8713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.423990][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 53.441877][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 53.451036][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.459796][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 53.468683][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.479435][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.491488][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.503428][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.514255][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.524807][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.535422][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.545581][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.556207][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.566255][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 53.576913][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.587866][ T8717] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.599571][ T8713] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.608946][ T8713] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.617761][ T8713] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.626422][ T8713] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.638929][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 53.648884][ T4016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.660970][ T8717] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.669955][ T8717] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.680243][ T8717] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.689109][ T8717] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.770058][T10090] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 53.790436][T10089] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 21:03:28 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) [ 53.958512][ T28] audit: type=1804 audit(1600722208.142:5): pid=10105 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir542521336/syzkaller.XJqqSH/8/bus" dev="sda1" ino=15765 res=1 errno=0 21:03:28 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) 21:03:28 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:28 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bond0\x00', 0x10) connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000000540), 0x187, 0x0) 21:03:28 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x21, 0x0, 0x2) 21:03:28 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 54.556782][ T5074] Bluetooth: hci0: command 0x0419 tx timeout 21:03:28 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x21, 0x0, 0x2) 21:03:28 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 54.706234][ T28] audit: type=1804 audit(1600722208.882:6): pid=10122 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir326187539/syzkaller.PJD7sw/2/bus" dev="sda1" ino=15769 res=1 errno=0 [ 54.716858][ T9123] Bluetooth: hci1: command 0x0419 tx timeout 21:03:29 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:29 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) 21:03:29 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bond0\x00', 0x10) connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000000540), 0x187, 0x0) 21:03:29 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 54.878291][ T9123] Bluetooth: hci2: command 0x0419 tx timeout [ 54.942401][T10135] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 55.036890][ T9123] Bluetooth: hci3: command 0x0419 tx timeout 21:03:29 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 55.276975][ T3963] Bluetooth: hci4: command 0x0419 tx timeout [ 55.358136][ T9123] Bluetooth: hci5: command 0x0419 tx timeout [ 55.405364][ T28] audit: type=1804 audit(1600722209.582:7): pid=10157 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir542521336/syzkaller.XJqqSH/9/bus" dev="sda1" ino=15765 res=1 errno=0 21:03:29 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) 21:03:29 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:29 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bond0\x00', 0x10) connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000000540), 0x187, 0x0) 21:03:29 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 21:03:29 executing program 5: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 21:03:30 executing program 3: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 21:03:30 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) [ 56.063139][ T28] audit: type=1804 audit(1600722210.242:8): pid=10188 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir326187539/syzkaller.PJD7sw/3/bus" dev="sda1" ino=15769 res=1 errno=0 21:03:30 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:30 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:30 executing program 3: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 21:03:30 executing program 3: unshare(0x2a000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r4 = timerfd_create(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r3) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 56.467294][ T28] audit: type=1804 audit(1600722210.652:9): pid=10200 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir068977673/syzkaller.NF3Cfh/7/bus" dev="sda1" ino=15779 res=1 errno=0 21:03:30 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) 21:03:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) [ 56.881931][ T28] audit: type=1804 audit(1600722211.062:10): pid=10216 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir542521336/syzkaller.XJqqSH/10/bus" dev="sda1" ino=15765 res=1 errno=0 21:03:31 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffdc0, 0x20001732, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x4a) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom(r0, &(0x7f0000000100)=""/90, 0xffffffffffffff5e, 0x1010c, 0x0, 0x38) 21:03:31 executing program 0: setrlimit(0x7, &(0x7f0000001880)) open_tree(0xffffffffffffffff, 0x0, 0x0) 21:03:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 21:03:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 21:03:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 21:03:31 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x40081}, 0x0) 21:03:31 executing program 0: setrlimit(0x7, &(0x7f0000001880)) open_tree(0xffffffffffffffff, 0x0, 0x0) 21:03:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x84, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x84}}, 0x0) 21:03:31 executing program 3: sendmmsg(0xffffffffffffffff, &(0x7f0000007cc0)=[{{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000000200)='0', 0x1}], 0x1, 0x0, 0x208}}], 0x1, 0x0) r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) [ 57.694483][ T28] audit: type=1804 audit(1600722211.872:11): pid=10235 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir068977673/syzkaller.NF3Cfh/8/bus" dev="sda1" ino=15768 res=1 errno=0 21:03:31 executing program 0: setrlimit(0x7, &(0x7f0000001880)) open_tree(0xffffffffffffffff, 0x0, 0x0) 21:03:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x40081}, 0x0) 21:03:32 executing program 3: sendmmsg(0xffffffffffffffff, &(0x7f0000007cc0)=[{{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000000200)='0', 0x1}], 0x1, 0x0, 0x208}}], 0x1, 0x0) r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 21:03:32 executing program 0: setrlimit(0x7, &(0x7f0000001880)) open_tree(0xffffffffffffffff, 0x0, 0x0) 21:03:32 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x40081}, 0x0) 21:03:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)={0x24, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x9, 0x0, 0x0, 0x1, [@generic="60a9eea869"]}]}, 0x24}], 0x1}, 0x0) 21:03:32 executing program 3: sendmmsg(0xffffffffffffffff, &(0x7f0000007cc0)=[{{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000000200)='0', 0x1}], 0x1, 0x0, 0x208}}], 0x1, 0x0) r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 21:03:32 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x40081}, 0x0) 21:03:32 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x17) r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x128) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f0000000100), 0x8280fffffffe) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = gettid() perf_event_open(0x0, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = dup(r2) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) 21:03:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)={0x24, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x9, 0x0, 0x0, 0x1, [@generic="60a9eea869"]}]}, 0x24}], 0x1}, 0x0) 21:03:32 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x317d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) 21:03:32 executing program 3: sendmmsg(0xffffffffffffffff, &(0x7f0000007cc0)=[{{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000000200)='0', 0x1}], 0x1, 0x0, 0x208}}], 0x1, 0x0) r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 21:03:32 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x84, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x84}}, 0x0) 21:03:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)={0x24, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x9, 0x0, 0x0, 0x1, [@generic="60a9eea869"]}]}, 0x24}], 0x1}, 0x0) 21:03:32 executing program 3: mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0xee01, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303230302c6d61785f726561643d3078303030303030303030303030303030342c66756e633d4d4d41505f434845434b2c736d61636b6673666c6f6f723db42c736d61636b66737472616e736d7574653d1772a61fa9d13c1e5e2c2e", @ANYRESDEC=0x0, @ANYBLOB=',dont_hash,fsmag']) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @rose, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendto$netrom(r0, 0x0, 0xfffffffffffffd98, 0x0, &(0x7f0000000180)={{0x6, @rose}, [@default, @default, @rose, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) 21:03:32 executing program 4: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) connect$inet(r0, 0x0, 0x0) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) setsockopt$inet_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000040)=@ccm_128={{}, "8217b11126ce3f92", "68e25ae34b0c5b734645ef2256dd2c83", "476dc2e5", "484e9c9b6bf58121"}, 0x28) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000540)) fchdir(0xffffffffffffffff) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) r1 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x2, 0x141001) r2 = dup(r1) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4bfb, 0x0) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000000)={0x1ff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) 21:03:32 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x84, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x84}}, 0x0) 21:03:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)={0x24, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x9, 0x0, 0x0, 0x1, [@generic="60a9eea869"]}]}, 0x24}], 0x1}, 0x0) 21:03:32 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x84, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x84}}, 0x0) 21:03:32 executing program 2: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newnexthop={0x30, 0x68, 0x3, 0x0, 0x0, {}, [@NHA_GROUP={0x4}, @NHA_ID={0x8}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_FLAGS={0x6}}]}, 0x30}}, 0x0) [ 58.865888][ T28] audit: type=1804 audit(1600722213.042:12): pid=10298 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir068977673/syzkaller.NF3Cfh/9/bus" dev="sda1" ino=15768 res=1 errno=0 [ 59.143552][T10298] ================================================================== [ 59.151770][T10298] BUG: KCSAN: data-race in generic_file_buffered_read / generic_write_end [ 59.160247][T10298] [ 59.162569][T10298] write to 0xffff8880bb5265c0 of 8 bytes by task 10296 on cpu 0: [ 59.170271][T10298] generic_write_end+0x99/0x250 [ 59.175108][T10298] ext4_da_write_end+0x57e/0x760 [ 59.180058][T10298] generic_perform_write+0x23b/0x390 [ 59.185339][T10298] ext4_buffered_write_iter+0x2cc/0x3b0 [ 59.190872][T10298] ext4_file_write_iter+0x768/0x1060 [ 59.196140][T10298] do_iter_readv_writev+0x32e/0x3d0 [ 59.201321][T10298] do_iter_write+0x112/0x4b0 [ 59.205888][T10298] vfs_iter_write+0x4c/0x70 [ 59.210374][T10298] iter_file_splice_write+0x41a/0x770 [ 59.215729][T10298] direct_splice_actor+0x95/0x160 [ 59.220734][T10298] splice_direct_to_actor+0x365/0x660 [ 59.226085][T10298] do_splice_direct+0xf2/0x170 [ 59.230836][T10298] do_sendfile+0x56a/0xba0 [ 59.235234][T10298] __x64_sys_sendfile64+0xa9/0x130 [ 59.240330][T10298] do_syscall_64+0x39/0x80 [ 59.244738][T10298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.250605][T10298] [ 59.252917][T10298] read to 0xffff8880bb5265c0 of 8 bytes by task 10298 on cpu 1: [ 59.260533][T10298] generic_file_buffered_read+0x126d/0x1f60 [ 59.266413][T10298] generic_file_read_iter+0x7d/0x3e0 [ 59.271684][T10298] ext4_file_read_iter+0x2d8/0x420 [ 59.276800][T10298] generic_file_splice_read+0x22b/0x310 [ 59.282327][T10298] splice_direct_to_actor+0x2a8/0x660 [ 59.287681][T10298] do_splice_direct+0xf2/0x170 [ 59.292422][T10298] do_sendfile+0x56a/0xba0 [ 59.296820][T10298] __x64_sys_sendfile64+0xf2/0x130 [ 59.305497][T10298] do_syscall_64+0x39/0x80 [ 59.309900][T10298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.315765][T10298] [ 59.318072][T10298] Reported by Kernel Concurrency Sanitizer on: [ 59.324209][T10298] CPU: 1 PID: 10298 Comm: syz-executor.5 Not tainted 5.9.0-rc6-syzkaller #0 [ 59.332865][T10298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.342925][T10298] ================================================================== [ 59.350978][T10298] Kernel panic - not syncing: panic_on_warn set ... [ 59.357570][T10298] CPU: 1 PID: 10298 Comm: syz-executor.5 Not tainted 5.9.0-rc6-syzkaller #0 [ 59.366220][T10298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.376261][T10298] Call Trace: [ 59.379545][T10298] dump_stack+0x10f/0x19d [ 59.383860][T10298] panic+0x207/0x64a [ 59.387742][T10298] ? vprintk_emit+0x44a/0x4f0 [ 59.392407][T10298] kcsan_report+0x684/0x690 [ 59.396901][T10298] ? kcsan_setup_watchpoint+0x41e/0x4a0 [ 59.402435][T10298] ? generic_file_buffered_read+0x126d/0x1f60 [ 59.408483][T10298] ? generic_file_read_iter+0x7d/0x3e0 [ 59.413925][T10298] ? ext4_file_read_iter+0x2d8/0x420 [ 59.419204][T10298] ? generic_file_splice_read+0x22b/0x310 [ 59.424935][T10298] ? splice_direct_to_actor+0x2a8/0x660 [ 59.430580][T10298] ? do_splice_direct+0xf2/0x170 [ 59.435492][T10298] ? do_sendfile+0x56a/0xba0 [ 59.440067][T10298] ? __x64_sys_sendfile64+0xf2/0x130 [ 59.445323][T10298] ? do_syscall_64+0x39/0x80 [ 59.449903][T10298] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.455996][T10298] ? aa_sock_msg_perm+0x87/0x120 [ 59.460907][T10298] ? xas_load+0x2d0/0x2f0 [ 59.465223][T10298] kcsan_setup_watchpoint+0x41e/0x4a0 [ 59.470584][T10298] generic_file_buffered_read+0x126d/0x1f60 [ 59.476456][T10298] generic_file_read_iter+0x7d/0x3e0 [ 59.481714][T10298] ? aa_file_perm+0x129/0xe00 [ 59.486377][T10298] ? generic_splice_sendpage+0xb0/0xb0 [ 59.491809][T10298] ext4_file_read_iter+0x2d8/0x420 [ 59.496994][T10298] generic_file_splice_read+0x22b/0x310 [ 59.502515][T10298] ? splice_shrink_spd+0x60/0x60 [ 59.507438][T10298] splice_direct_to_actor+0x2a8/0x660 [ 59.512798][T10298] ? do_splice_direct+0x170/0x170 [ 59.517797][T10298] do_splice_direct+0xf2/0x170 [ 59.522548][T10298] do_sendfile+0x56a/0xba0 [ 59.526942][T10298] __x64_sys_sendfile64+0xf2/0x130 [ 59.532025][T10298] do_syscall_64+0x39/0x80 [ 59.536678][T10298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.542549][T10298] RIP: 0033:0x45d5f9 [ 59.546424][T10298] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.566017][T10298] RSP: 002b:00007fdb6f167c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 59.574404][T10298] RAX: ffffffffffffffda RBX: 0000000000027a00 RCX: 000000000045d5f9 [ 59.582436][T10298] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 59.590472][T10298] RBP: 000000000118d028 R08: 0000000000000000 R09: 0000000000000000 [ 59.598419][T10298] R10: 00008000fffffffe R11: 0000000000000246 R12: 000000000118cfec [ 59.606364][T10298] R13: 00007ffc1c35aa6f R14: 00007fdb6f1689c0 R15: 000000000118cfec [ 59.615732][T10298] Kernel Offset: disabled [ 59.620043][T10298] Rebooting in 86400 seconds..