[ 35.985330][ T26] audit: type=1800 audit(1571047244.945:24): pid=7228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2487 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.518864][ T26] audit: type=1800 audit(1571047245.575:25): pid=7228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 36.579494][ T26] audit: type=1800 audit(1571047245.575:26): pid=7228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts. 2019/10/14 10:00:57 fuzzer started 2019/10/14 10:00:59 dialing manager at 10.128.0.105:43961 2019/10/14 10:00:59 syscalls: 2523 2019/10/14 10:00:59 code coverage: enabled 2019/10/14 10:00:59 comparison tracing: enabled 2019/10/14 10:00:59 extra coverage: extra coverage is not supported by the kernel 2019/10/14 10:00:59 setuid sandbox: enabled 2019/10/14 10:00:59 namespace sandbox: enabled 2019/10/14 10:00:59 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/14 10:00:59 fault injection: enabled 2019/10/14 10:00:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/14 10:00:59 net packet injection: enabled 2019/10/14 10:00:59 net device setup: enabled 2019/10/14 10:00:59 concurrency sanitizer: enabled 10:01:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) syzkaller login: [ 53.267846][ T7401] IPVS: ftp: loaded support on port[0] = 21 10:01:02 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0xa001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RREADLINK(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="a5"], 0x1) write$P9_RREMOVE(r2, &(0x7f0000000180)={0x6e785e3d1cb434ee}, 0x14df) syncfs(r2) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000100)={0x0, r2}) fdatasync(r0) [ 53.363418][ T7401] chnl_net:caif_netlink_parms(): no params data found [ 53.446401][ T7401] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.453595][ T7401] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.471168][ T7401] device bridge_slave_0 entered promiscuous mode [ 53.490940][ T7401] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.498306][ T7401] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.521205][ T7401] device bridge_slave_1 entered promiscuous mode [ 53.542963][ T7401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.553985][ T7401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.596165][ T7401] team0: Port device team_slave_0 added [ 53.621649][ T7401] team0: Port device team_slave_1 added 10:01:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42000) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000040)) [ 53.714573][ T7401] device hsr_slave_0 entered promiscuous mode [ 53.761475][ T7401] device hsr_slave_1 entered promiscuous mode [ 53.808400][ T7404] IPVS: ftp: loaded support on port[0] = 21 [ 53.824619][ T7401] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.831803][ T7401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.839415][ T7401] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.846963][ T7401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.954005][ T7401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.985866][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.006875][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.026428][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.052631][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 54.065818][ T7401] 8021q: adding VLAN 0 to HW filter on device team0 10:01:03 executing program 3: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000880)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) dup3(r0, r1, 0x0) [ 54.125258][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.134597][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.141700][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.152365][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.171521][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.178595][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.222381][ T7404] chnl_net:caif_netlink_parms(): no params data found [ 54.222749][ T7407] IPVS: ftp: loaded support on port[0] = 21 [ 54.235345][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.251877][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.278578][ T7401] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.310387][ T7401] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.351648][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.370902][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.379813][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.411130][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.442386][ T7401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.523219][ T7404] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.534182][ T7411] IPVS: ftp: loaded support on port[0] = 21 [ 54.541017][ T7404] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.549076][ T7404] device bridge_slave_0 entered promiscuous mode [ 54.562895][ T7404] bridge0: port 2(bridge_slave_1) entered blocking state 10:01:03 executing program 4: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0x40081271, 0x0) [ 54.569968][ T7404] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.578914][ T7404] device bridge_slave_1 entered promiscuous mode [ 54.657920][ T7404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.712755][ T7404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.836117][ T7404] team0: Port device team_slave_0 added [ 54.862452][ T7404] team0: Port device team_slave_1 added [ 54.868312][ T7407] chnl_net:caif_netlink_parms(): no params data found [ 54.887723][ T7420] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 10:01:04 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x2c, 0x32, 0x829, 0x0, 0x0, {0x4, 0x40000}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback={0x40000000c000000}}]}]}, 0x2c}}, 0x0) [ 55.124023][ T7404] device hsr_slave_0 entered promiscuous mode [ 55.170596][ T7404] device hsr_slave_1 entered promiscuous mode [ 55.220117][ T7404] debugfs: Directory 'hsr0' with parent '/' already present! 10:01:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 55.266973][ T7422] IPVS: ftp: loaded support on port[0] = 21 [ 55.281005][ T7411] chnl_net:caif_netlink_parms(): no params data found [ 55.325039][ T7404] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.332162][ T7404] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.339443][ T7404] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.346508][ T7404] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.397126][ T7407] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.404467][ T7407] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.412993][ T7407] device bridge_slave_0 entered promiscuous mode [ 55.421031][ T7407] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.428096][ T7407] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.436274][ T7407] device bridge_slave_1 entered promiscuous mode [ 55.449331][ T7425] IPVS: ftp: loaded support on port[0] = 21 [ 55.456027][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.469535][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.518104][ T7429] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 55.543922][ T7411] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.551236][ T7411] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.559337][ T7411] device bridge_slave_0 entered promiscuous mode 10:01:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 55.572308][ T7407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.599880][ T7411] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.609991][ T7411] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.624291][ T7411] device bridge_slave_1 entered promiscuous mode [ 55.636889][ T7407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.683287][ T7407] team0: Port device team_slave_0 added [ 55.690730][ T7407] team0: Port device team_slave_1 added [ 55.710804][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 55.741091][ T7411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.752489][ T7411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 10:01:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 55.840994][ T7404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.864757][ T7411] team0: Port device team_slave_0 added [ 55.953373][ T7407] device hsr_slave_0 entered promiscuous mode [ 55.990722][ T7407] device hsr_slave_1 entered promiscuous mode [ 56.060123][ T7407] debugfs: Directory 'hsr0' with parent '/' already present! [ 56.074220][ T7411] team0: Port device team_slave_1 added [ 56.087943][ T7437] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 10:01:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 56.170793][ T7404] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.213137][ T7411] device hsr_slave_0 entered promiscuous mode [ 56.243431][ T7411] device hsr_slave_1 entered promiscuous mode [ 56.270384][ T7411] debugfs: Directory 'hsr0' with parent '/' already present! [ 56.277999][ T7422] chnl_net:caif_netlink_parms(): no params data found [ 56.292203][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.300129][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.327563][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 56.361730][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 10:01:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 56.371556][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.380431][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.387481][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.397848][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.421130][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.430816][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.438031][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.451440][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.460790][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.469674][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.478699][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.487877][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.496752][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.506979][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.518572][ T7425] chnl_net:caif_netlink_parms(): no params data found 10:01:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0xfffffffffffffd4f, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000200007041dfffd946f6105000200000a1f000003002808000800180004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 56.549865][ T7447] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 56.577285][ T7404] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.589210][ T7404] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.634699][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.651053][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.661000][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.670196][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.693740][ T7407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.702866][ T7425] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.711583][ T7425] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.719904][ T7425] device bridge_slave_0 entered promiscuous mode [ 56.733692][ T7422] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.743641][ T7422] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.751832][ T7422] device bridge_slave_0 entered promiscuous mode [ 56.759685][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.773014][ T7411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.784047][ T7407] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.791498][ T7451] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 56.807009][ T7425] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.814999][ T7425] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.823646][ T7425] device bridge_slave_1 entered promiscuous mode [ 56.835931][ T7422] bridge0: port 2(bridge_slave_1) entered blocking state 10:01:05 executing program 0: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) migrate_pages(0x0, 0x0, 0x0, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000001300), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x28020400) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, 0x0, 0x20000000) syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x40) fchmod(0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f00000002c0)={0x0, 0x0, 'client0\x00', 0x3, "bdca57ad600a0eb8", "e4ddb64d619d110016f4ae968b7e4aeceb048d397bfaec51aa87b7fd4e323edd"}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 56.846510][ T7422] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.867073][ T7422] device bridge_slave_1 entered promiscuous mode [ 56.902283][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.911100][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.947402][ T7422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.959624][ T7404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.968654][ T7407] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.979360][ T7407] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.001621][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.011628][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.028802][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.036131][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.045046][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.054390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.063086][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.070188][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.078451][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.088215][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.097693][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.106423][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.115613][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.125010][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.134606][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.143630][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.152951][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.161891][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.170886][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.179009][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.188189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.204093][ T7411] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.222631][ T7422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.243479][ T7407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.256222][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.271526][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.302057][ T7425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.333213][ T7422] team0: Port device team_slave_0 added [ 57.339841][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.348520][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.357373][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.364458][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.372649][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.381951][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.396105][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.403282][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.416982][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.426790][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.439469][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.448444][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.457811][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.466691][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.476205][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.485050][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.518280][ T7425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.520047][ C0] hrtimer: interrupt took 61266 ns [ 57.543626][ T7425] team0: Port device team_slave_0 added [ 57.556791][ T7411] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.604609][ T7411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.628489][ T7422] team0: Port device team_slave_1 added [ 57.651137][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.669907][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.686314][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.717130][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.746352][ T7425] team0: Port device team_slave_1 added [ 57.903755][ T7422] device hsr_slave_0 entered promiscuous mode [ 57.916909][ T7476] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 58.000469][ T7422] device hsr_slave_1 entered promiscuous mode [ 58.050278][ T7422] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.079534][ T7411] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.164084][ T7425] device hsr_slave_0 entered promiscuous mode [ 58.230486][ T7425] device hsr_slave_1 entered promiscuous mode [ 58.280750][ T7425] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.319818][ T7422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.368429][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.388247][ T7472] ================================================================== [ 58.396544][ T7472] BUG: KCSAN: data-race in find_get_pages_range_tag / xas_clear_mark [ 58.400978][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.404703][ T7472] [ 58.414385][ T7472] write to 0xffff88812a799230 of 8 bytes by interrupt on cpu 1: [ 58.422024][ T7472] xas_clear_mark+0x11a/0x1d0 [ 58.426688][ T7472] __xa_clear_mark+0xd3/0x100 [ 58.431346][ T7472] test_clear_page_writeback+0x435/0x780 [ 58.437003][ T7472] end_page_writeback+0x9e/0x190 [ 58.441926][ T7472] ext4_finish_bio+0x40d/0x520 [ 58.446728][ T7472] ext4_end_bio+0xd2/0x310 [ 58.451128][ T7472] bio_endio+0x3ab/0x500 [ 58.455395][ T7472] blk_update_request+0x21d/0x6a0 [ 58.460406][ T7472] scsi_end_request+0x6b/0x3e0 [ 58.465156][ T7472] scsi_io_completion+0x11d/0xc80 [ 58.470360][ T7472] scsi_finish_command+0x280/0x380 [ 58.475565][ T7472] scsi_softirq_done+0x259/0x280 [ 58.480511][ T7472] blk_done_softirq+0x1eb/0x250 [ 58.485351][ T7472] __do_softirq+0x115/0x33f [ 58.489831][ T7472] run_ksoftirqd+0x46/0x60 [ 58.494324][ T7472] [ 58.496635][ T7472] read to 0xffff88812a799230 of 8 bytes by task 7472 on cpu 0: [ 58.504165][ T7472] find_get_pages_range_tag+0x3d6/0x6d0 [ 58.509755][ T7472] pagevec_lookup_range_tag+0x45/0x70 [ 58.515143][ T7472] __filemap_fdatawait_range+0xdc/0x1d0 [ 58.520672][ T7472] filemap_fdatawait_keep_errors+0x2b/0x50 [ 58.526462][ T7472] wait_sb_inodes+0x36e/0x3f0 [ 58.531115][ T7472] sync_inodes_sb+0x16e/0x1b0 [ 58.535775][ T7472] sync_filesystem+0x138/0x1a0 [ 58.540525][ T7472] __x64_sys_syncfs+0x80/0xd0 [ 58.545190][ T7472] do_syscall_64+0xcf/0x2f0 [ 58.549680][ T7472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.555540][ T7472] [ 58.557841][ T7472] Reported by Kernel Concurrency Sanitizer on: [ 58.563978][ T7472] CPU: 0 PID: 7472 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 58.571403][ T7472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.581436][ T7472] ================================================================== [ 58.589493][ T7472] Kernel panic - not syncing: panic_on_warn set ... [ 58.596073][ T7472] CPU: 0 PID: 7472 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 58.603518][ T7472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.613576][ T7472] Call Trace: [ 58.616878][ T7472] dump_stack+0xf5/0x159 [ 58.621124][ T7472] panic+0x209/0x639 [ 58.625132][ T7472] ? do_syscall_64+0xcf/0x2f0 [ 58.629810][ T7472] ? vprintk_func+0x8d/0x140 [ 58.634408][ T7472] kcsan_report.cold+0xc/0x1b [ 58.639107][ T7472] __kcsan_setup_watchpoint+0x3ee/0x510 [ 58.644652][ T7472] __tsan_read8+0x2c/0x30 [ 58.649017][ T7472] find_get_pages_range_tag+0x3d6/0x6d0 [ 58.654571][ T7472] pagevec_lookup_range_tag+0x45/0x70 [ 58.661163][ T7472] __filemap_fdatawait_range+0xdc/0x1d0 [ 58.666702][ T7472] ? __bpf_map_offload_destroy+0x100/0x160 [ 58.672516][ T7472] filemap_fdatawait_keep_errors+0x2b/0x50 [ 58.678318][ T7472] wait_sb_inodes+0x36e/0x3f0 [ 58.683005][ T7472] sync_inodes_sb+0x16e/0x1b0 [ 58.687685][ T7472] sync_filesystem+0x138/0x1a0 [ 58.692450][ T7472] __x64_sys_syncfs+0x80/0xd0 [ 58.697173][ T7472] do_syscall_64+0xcf/0x2f0 [ 58.701682][ T7472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.707561][ T7472] RIP: 0033:0x459a59 [ 58.711460][ T7472] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.731057][ T7472] RSP: 002b:00007fa5758fdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000132 [ 58.739450][ T7472] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000459a59 [ 58.747412][ T7472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 58.755462][ T7472] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 58.763432][ T7472] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5758fe6d4 [ 58.771380][ T7472] R13: 00000000004c8bdb R14: 00000000004dff18 R15: 00000000ffffffff [ 58.781055][ T7472] Kernel Offset: disabled [ 58.785393][ T7472] Rebooting in 86400 seconds..