[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 65.206358][ T27] audit: type=1800 audit(1575163369.096:25): pid=9157 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 65.234917][ T27] audit: type=1800 audit(1575163369.096:26): pid=9157 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 65.279353][ T27] audit: type=1800 audit(1575163369.096:27): pid=9157 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts. 2019/12/01 01:23:00 fuzzer started 2019/12/01 01:23:02 dialing manager at 10.128.0.26:34449 2019/12/01 01:23:02 syscalls: 2597 2019/12/01 01:23:02 code coverage: enabled 2019/12/01 01:23:02 comparison tracing: enabled 2019/12/01 01:23:02 extra coverage: enabled 2019/12/01 01:23:02 setuid sandbox: enabled 2019/12/01 01:23:02 namespace sandbox: enabled 2019/12/01 01:23:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/01 01:23:02 fault injection: enabled 2019/12/01 01:23:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/01 01:23:02 net packet injection: enabled 2019/12/01 01:23:02 net device setup: enabled 2019/12/01 01:23:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/01 01:23:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 01:25:10 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) bind$rxrpc(0xffffffffffffffff, &(0x7f0000000900)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x24) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x116) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r0, &(0x7f0000002780)=[{{0x0, 0x363, &(0x7f0000000200)=[{&(0x7f0000000140), 0x304}], 0x8}, 0x2}], 0x13, 0x24000004) 01:25:10 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3}, 0x3c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000040)='6', 0x0}, 0x20) syzkaller login: [ 206.703727][ T9322] IPVS: ftp: loaded support on port[0] = 21 01:25:10 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x1276) [ 206.930073][ T9322] chnl_net:caif_netlink_parms(): no params data found [ 206.943401][ T9325] IPVS: ftp: loaded support on port[0] = 21 [ 207.064863][ T9322] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.079816][ T9322] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.088133][ T9322] device bridge_slave_0 entered promiscuous mode [ 207.111447][ T9327] IPVS: ftp: loaded support on port[0] = 21 [ 207.130377][ T9322] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.138243][ T9322] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.147180][ T9322] device bridge_slave_1 entered promiscuous mode 01:25:11 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x40001, 0x0) fcntl$getflags(r0, 0x401) [ 207.223753][ T9322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.260889][ T9322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.362073][ T9325] chnl_net:caif_netlink_parms(): no params data found [ 207.392559][ T9322] team0: Port device team_slave_0 added [ 207.433883][ T9322] team0: Port device team_slave_1 added [ 207.474137][ T9330] IPVS: ftp: loaded support on port[0] = 21 [ 207.521499][ T9327] chnl_net:caif_netlink_parms(): no params data found 01:25:11 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_SWBIT(r0, 0x40045568, 0x10) [ 207.602893][ T9322] device hsr_slave_0 entered promiscuous mode [ 207.639575][ T9322] device hsr_slave_1 entered promiscuous mode [ 207.699663][ T9325] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.706790][ T9325] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.726298][ T9325] device bridge_slave_0 entered promiscuous mode [ 207.753185][ T9325] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.765013][ T9325] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.773938][ T9325] device bridge_slave_1 entered promiscuous mode [ 207.847184][ T9322] netdevsim netdevsim0 netdevsim0: renamed from eth0 01:25:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0) [ 207.916955][ T9322] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 207.975456][ T9322] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 208.041468][ T9325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.056990][ T9333] IPVS: ftp: loaded support on port[0] = 21 [ 208.071917][ T9327] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.080472][ T9327] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.088874][ T9327] device bridge_slave_0 entered promiscuous mode [ 208.096936][ T9322] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 208.143225][ T9325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.167775][ T9327] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.175402][ T9327] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.183614][ T9327] device bridge_slave_1 entered promiscuous mode [ 208.205662][ T9325] team0: Port device team_slave_0 added [ 208.214177][ T9325] team0: Port device team_slave_1 added [ 208.241519][ T9335] IPVS: ftp: loaded support on port[0] = 21 [ 208.267972][ T9327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.353035][ T9325] device hsr_slave_0 entered promiscuous mode [ 208.401782][ T9325] device hsr_slave_1 entered promiscuous mode [ 208.449466][ T9325] debugfs: Directory 'hsr0' with parent '/' already present! [ 208.467553][ T9327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.496129][ T9327] team0: Port device team_slave_0 added [ 208.525818][ T9327] team0: Port device team_slave_1 added [ 208.594939][ T9325] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 208.648594][ T9330] chnl_net:caif_netlink_parms(): no params data found [ 208.702001][ T9327] device hsr_slave_0 entered promiscuous mode [ 208.739847][ T9327] device hsr_slave_1 entered promiscuous mode [ 208.779534][ T9327] debugfs: Directory 'hsr0' with parent '/' already present! [ 208.798707][ T9325] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 208.863411][ T9325] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 208.914875][ T9325] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 209.079459][ T9333] chnl_net:caif_netlink_parms(): no params data found [ 209.129588][ T9327] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 209.181714][ T9327] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 209.235572][ T9330] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.245142][ T9330] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.255482][ T9330] device bridge_slave_0 entered promiscuous mode [ 209.265771][ T9327] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 209.327013][ T9327] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 209.390949][ T9322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.412721][ T9330] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.420468][ T9330] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.428528][ T9330] device bridge_slave_1 entered promiscuous mode [ 209.476835][ T9330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.492322][ T9330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.505586][ T9333] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.513531][ T9333] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.521859][ T9333] device bridge_slave_0 entered promiscuous mode [ 209.564306][ T9322] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.576307][ T9333] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.586985][ T9333] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.595053][ T9333] device bridge_slave_1 entered promiscuous mode [ 209.621177][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.630068][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.680018][ T9330] team0: Port device team_slave_0 added [ 209.687439][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.696486][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.705629][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.713018][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.722461][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.734102][ T9333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.746431][ T9335] chnl_net:caif_netlink_parms(): no params data found [ 209.756781][ T9330] team0: Port device team_slave_1 added [ 209.768963][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.778459][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.787305][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.794582][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.811544][ T9333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.860402][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.881470][ T9333] team0: Port device team_slave_0 added [ 209.923722][ T9330] device hsr_slave_0 entered promiscuous mode [ 209.960078][ T9330] device hsr_slave_1 entered promiscuous mode [ 210.019481][ T9330] debugfs: Directory 'hsr0' with parent '/' already present! [ 210.041346][ T9325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.053497][ T9333] team0: Port device team_slave_1 added [ 210.065926][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.075393][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.085123][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.093790][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.103319][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.117724][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.150836][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.161027][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.228038][ T9325] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.236486][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.248098][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.256532][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.268917][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.286494][ T9330] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 210.334111][ T9330] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 210.423074][ T9333] device hsr_slave_0 entered promiscuous mode [ 210.479740][ T9333] device hsr_slave_1 entered promiscuous mode [ 210.529821][ T9333] debugfs: Directory 'hsr0' with parent '/' already present! [ 210.552450][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.561560][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.570414][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.577493][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.585365][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.594278][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.602988][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.610125][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.618250][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.627624][ T9335] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.636161][ T9335] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.644416][ T9335] device bridge_slave_0 entered promiscuous mode [ 210.657733][ T9330] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 210.725743][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.734295][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.749555][ T9335] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.757188][ T9335] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.767421][ T9335] device bridge_slave_1 entered promiscuous mode [ 210.775839][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.784337][ T9330] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 210.839832][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.849012][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.894060][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.908097][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.917043][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.942727][ T9327] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.959233][ T9333] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 210.997246][ T9335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.014346][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.027016][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.035556][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.043846][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.056820][ T9325] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 211.074204][ T9325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.082724][ T9333] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 211.157775][ T9335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.172884][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.181413][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.203007][ T9333] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 211.257484][ T9333] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 211.316707][ T9322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.342816][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.351716][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.377414][ T9327] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.391769][ T9335] team0: Port device team_slave_0 added [ 211.421950][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.431781][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.450699][ T9325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.464188][ T9335] team0: Port device team_slave_1 added [ 211.482364][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.494929][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.504360][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.511774][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.559641][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.567721][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.589207][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.598993][ T9340] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.606182][ T9340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.615423][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.670784][ C0] hrtimer: interrupt took 33456 ns 01:25:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) 01:25:15 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r0, &(0x7f00000006c0)={0x2c, 0x4160e3fd6f9e0d87}, 0x10) [ 211.732630][ T9335] device hsr_slave_0 entered promiscuous mode [ 211.800733][ T9335] device hsr_slave_1 entered promiscuous mode [ 211.822712][ T9335] debugfs: Directory 'hsr0' with parent '/' already present! [ 211.839976][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 01:25:15 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f00000000c0)={0x2, 0xf, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@mcast2, @in=@local}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa8}}, 0x0) [ 211.857171][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.867928][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.895275][ T9330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.932841][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.944484][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.965540][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.978371][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.996247][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 01:25:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) [ 212.029992][ T9327] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.051755][ T9327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.072496][ T9330] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.085493][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.095809][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.108706][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.128187][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:25:16 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) [ 212.141095][ T9333] 8021q: adding VLAN 0 to HW filter on device bond0 01:25:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) [ 212.225967][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.246165][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.307119][ T9340] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.314314][ T9340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.322795][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.332355][ T9340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.341703][ T9340] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.348790][ T9340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.361339][ T9335] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 212.394919][ T9335] netdevsim netdevsim5 netdevsim1: renamed from eth1 01:25:16 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) [ 212.475975][ T9327] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.484768][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.495671][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.516439][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 01:25:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) [ 212.551588][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 212.588758][ T9333] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.608870][ T9335] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 212.662643][ T9335] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 212.718550][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.753596][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.774224][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.787457][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.795760][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.810496][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.886371][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.904669][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.916819][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 01:25:16 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x1276) [ 212.934244][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.945812][ T9338] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.953038][ T9338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.966848][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.975516][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.990452][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.999195][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.014711][ T9338] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.021998][ T9338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.036574][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.045292][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.060593][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.084555][ T9330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.107914][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.116351][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.125519][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.135425][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.145745][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.183745][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.192657][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.226968][ T9333] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 213.246300][ T9333] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.273439][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.282333][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.292445][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.302093][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.311842][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.319611][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.330385][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.346305][ T9330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.389234][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.397249][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.418070][ T9335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.432120][ T9333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.474578][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.490882][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.506210][ T9335] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.533311][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.544754][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.554116][ T2935] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.561290][ T2935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.580645][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.596029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.605233][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.617574][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.624671][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.632360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.650015][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.659238][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.668187][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.686556][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.695564][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.704762][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.714650][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.723698][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.737231][ T9335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.752086][ T9335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.764003][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.783242][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.824409][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.836042][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.856415][ T9335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.079037][ T9408] XFS (loop5): Mounting V4 Filesystem [ 214.108194][ T9408] XFS (loop5): empty log check failed [ 214.116285][ T9408] XFS (loop5): log mount/recovery failed: error -5 [ 214.179794][ T9408] XFS (loop5): log mount failed 01:25:18 executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[{@sb={'sb'}}]}) 01:25:18 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0x2}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d91a461a429983267af48ea3961fa1315bd15734e5a91e85dd808ca39ddea77b09fb98975bdc25f92a88a095db0f9c434ee33268fc4f", 0x6d}], 0x1}, 0x0) [ 214.316238][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 214.316253][ T27] audit: type=1804 audit(1575163518.206:31): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir178593272/syzkaller.PvJQLV/0/file0" dev="sda1" ino=16527 res=1 [ 214.351411][ T27] audit: type=1804 audit(1575163518.206:32): pid=9393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir178593272/syzkaller.PvJQLV/0/file0" dev="sda1" ino=16527 res=1 [ 214.487065][ T9421] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 214.558934][ T9424] XFS (loop5): Mounting V4 Filesystem [ 214.586884][ T9421] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 214.620113][ T9424] ================================================================== [ 214.629765][ T9424] BUG: KASAN: use-after-free in xlog_alloc_log+0x1386/0x14b0 [ 214.640855][ T9424] Read of size 8 at addr ffff88808d24e890 by task syz-executor.5/9424 [ 214.651278][ T9424] [ 214.653943][ T9424] CPU: 0 PID: 9424 Comm: syz-executor.5 Not tainted 5.4.0-next-20191129-syzkaller #0 [ 214.665205][ T9424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.675552][ T9424] Call Trace: [ 214.678870][ T9424] dump_stack+0x197/0x210 [ 214.683214][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 214.688309][ T9424] print_address_description.constprop.0.cold+0xd4/0x30b [ 214.695336][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 214.700389][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 214.705398][ T9424] __kasan_report.cold+0x1b/0x41 [ 214.710480][ T9424] ? kvfree+0x20/0x70 [ 214.714459][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 214.719979][ T9424] kasan_report+0x12/0x20 [ 214.724306][ T9424] __asan_report_load8_noabort+0x14/0x20 [ 214.730127][ T9424] xlog_alloc_log+0x1386/0x14b0 [ 214.734993][ T9424] xfs_log_mount+0xdc/0x780 [ 214.740196][ T9424] xfs_mountfs+0xc35/0x1ca0 [ 214.744691][ T9424] ? xfs_default_resblks+0x60/0x60 [ 214.749788][ T9424] ? init_timer_key+0x13b/0x3a0 [ 214.754627][ T9424] ? xfs_mru_cache_create+0x4a0/0x5b0 [ 214.759980][ T9424] ? xfs_filestream_get_ag+0x60/0x60 [ 214.765270][ T9424] xfs_fc_fill_super+0x84e/0x11c0 [ 214.770309][ T9424] get_tree_bdev+0x414/0x650 [ 214.775247][ T9424] ? xfs_mount_free+0x80/0x80 [ 214.779923][ T9424] xfs_fc_get_tree+0x1d/0x30 [ 214.784743][ T9424] vfs_get_tree+0x8e/0x300 [ 214.789174][ T9424] do_mount+0x135a/0x1b50 [ 214.793573][ T9424] ? copy_mount_string+0x40/0x40 [ 214.798515][ T9424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.804748][ T9424] ? copy_mount_options+0x2e8/0x3f0 [ 214.809994][ T9424] ksys_mount+0xdb/0x150 [ 214.814539][ T9424] __x64_sys_mount+0xbe/0x150 [ 214.819219][ T9424] do_syscall_64+0xfa/0x790 [ 214.823725][ T9424] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.829779][ T9424] RIP: 0033:0x45d0ca [ 214.833758][ T9424] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 214.853481][ T9424] RSP: 002b:00007f88481e9a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 214.861897][ T9424] RAX: ffffffffffffffda RBX: 00007f88481e9b40 RCX: 000000000045d0ca [ 214.869868][ T9424] RDX: 00007f88481e9ae0 RSI: 0000000020000000 RDI: 00007f88481e9b00 [ 214.877840][ T9424] RBP: 0000000000000001 R08: 00007f88481e9b40 R09: 00007f88481e9ae0 [ 214.887029][ T9424] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 214.895013][ T9424] R13: 00000000004ca26c R14: 00000000004e28a8 R15: 00000000ffffffff [ 214.902998][ T9424] [ 214.905311][ T9424] Allocated by task 9424: [ 214.909656][ T9424] save_stack+0x23/0x90 [ 214.913809][ T9424] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 214.928044][ T9424] kasan_kmalloc+0x9/0x10 [ 214.935085][ T9424] __kmalloc+0x163/0x770 [ 214.947147][ T9424] kmem_alloc+0x15b/0x4d0 [ 214.951463][ T9424] xlog_alloc_log+0xcc3/0x14b0 [ 214.958726][ T9424] xfs_log_mount+0xdc/0x780 [ 214.963494][ T9424] xfs_mountfs+0xc35/0x1ca0 [ 214.968007][ T9424] xfs_fc_fill_super+0x84e/0x11c0 [ 214.973027][ T9424] get_tree_bdev+0x414/0x650 [ 214.977796][ T9424] xfs_fc_get_tree+0x1d/0x30 [ 214.982859][ T9424] vfs_get_tree+0x8e/0x300 [ 214.987559][ T9424] do_mount+0x135a/0x1b50 [ 214.992101][ T9424] ksys_mount+0xdb/0x150 [ 214.996330][ T9424] __x64_sys_mount+0xbe/0x150 [ 215.001111][ T9424] do_syscall_64+0xfa/0x790 [ 215.007185][ T9424] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.013060][ T9424] [ 215.015376][ T9424] Freed by task 9424: [ 215.020435][ T9424] save_stack+0x23/0x90 [ 215.024773][ T9424] __kasan_slab_free+0x102/0x150 [ 215.029693][ T9424] kasan_slab_free+0xe/0x10 [ 215.034330][ T9424] kfree+0x10a/0x2c0 [ 215.038301][ T9424] kvfree+0x61/0x70 [ 215.042114][ T9424] xlog_alloc_log+0xeaa/0x14b0 [ 215.047294][ T9424] xfs_log_mount+0xdc/0x780 [ 215.051930][ T9424] xfs_mountfs+0xc35/0x1ca0 [ 215.059445][ T9424] xfs_fc_fill_super+0x84e/0x11c0 [ 215.064463][ T9424] get_tree_bdev+0x414/0x650 [ 215.069142][ T9424] xfs_fc_get_tree+0x1d/0x30 [ 215.073715][ T9424] vfs_get_tree+0x8e/0x300 [ 215.078388][ T9424] do_mount+0x135a/0x1b50 [ 215.082708][ T9424] ksys_mount+0xdb/0x150 [ 215.086931][ T9424] __x64_sys_mount+0xbe/0x150 [ 215.091597][ T9424] do_syscall_64+0xfa/0x790 [ 215.096102][ T9424] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.101967][ T9424] [ 215.104287][ T9424] The buggy address belongs to the object at ffff88808d24e800 [ 215.104287][ T9424] which belongs to the cache kmalloc-1k of size 1024 [ 215.119564][ T9424] The buggy address is located 144 bytes inside of [ 215.119564][ T9424] 1024-byte region [ffff88808d24e800, ffff88808d24ec00) [ 215.133085][ T9424] The buggy address belongs to the page: [ 215.139334][ T9424] page:ffffea0002349380 refcount:1 mapcount:0 mapping:ffff8880aa000c40 index:0x0 [ 215.148930][ T9424] raw: 00fffe0000000200 ffffea00027e2948 ffffea00023493c8 ffff8880aa000c40 [ 215.157523][ T9424] raw: 0000000000000000 ffff88808d24e000 0000000100000002 0000000000000000 [ 215.166222][ T9424] page dumped because: kasan: bad access detected [ 215.172776][ T9424] [ 215.175095][ T9424] Memory state around the buggy address: [ 215.180735][ T9424] ffff88808d24e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 215.188824][ T9424] ffff88808d24e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 215.196898][ T9424] >ffff88808d24e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 215.206154][ T9424] ^ [ 215.210738][ T9424] ffff88808d24e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 215.219481][ T9424] ffff88808d24e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 215.227636][ T9424] ================================================================== [ 215.235699][ T9424] Disabling lock debugging due to kernel taint [ 215.259581][ T9424] Kernel panic - not syncing: panic_on_warn set ... [ 215.266622][ T9424] CPU: 0 PID: 9424 Comm: syz-executor.5 Tainted: G B 5.4.0-next-20191129-syzkaller #0 [ 215.277616][ T9424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.287685][ T9424] Call Trace: [ 215.291000][ T9424] dump_stack+0x197/0x210 [ 215.295348][ T9424] panic+0x2e3/0x75c [ 215.299255][ T9424] ? add_taint.cold+0x16/0x16 [ 215.303946][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 215.308989][ T9424] ? preempt_schedule+0x4b/0x60 [ 215.313858][ T9424] ? ___preempt_schedule+0x16/0x18 [ 215.318991][ T9424] ? trace_hardirqs_on+0x5e/0x240 [ 215.324041][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 215.329124][ T9424] end_report+0x47/0x4f [ 215.333409][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 215.338445][ T9424] __kasan_report.cold+0xe/0x41 [ 215.343403][ T9424] ? kvfree+0x20/0x70 [ 215.347376][ T9424] ? xlog_alloc_log+0x1386/0x14b0 [ 215.352400][ T9424] kasan_report+0x12/0x20 [ 215.356773][ T9424] __asan_report_load8_noabort+0x14/0x20 [ 215.362626][ T9424] xlog_alloc_log+0x1386/0x14b0 [ 215.367491][ T9424] xfs_log_mount+0xdc/0x780 [ 215.371996][ T9424] xfs_mountfs+0xc35/0x1ca0 [ 215.377064][ T9424] ? xfs_default_resblks+0x60/0x60 [ 215.383383][ T9424] ? init_timer_key+0x13b/0x3a0 [ 215.388243][ T9424] ? xfs_mru_cache_create+0x4a0/0x5b0 [ 215.393642][ T9424] ? xfs_filestream_get_ag+0x60/0x60 [ 215.398951][ T9424] xfs_fc_fill_super+0x84e/0x11c0 [ 215.404213][ T9424] get_tree_bdev+0x414/0x650 [ 215.409000][ T9424] ? xfs_mount_free+0x80/0x80 [ 215.414005][ T9424] xfs_fc_get_tree+0x1d/0x30 [ 215.419435][ T9424] vfs_get_tree+0x8e/0x300 [ 215.424466][ T9424] do_mount+0x135a/0x1b50 [ 215.431112][ T9424] ? copy_mount_string+0x40/0x40 [ 215.437518][ T9424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.443949][ T9424] ? copy_mount_options+0x2e8/0x3f0 [ 215.449326][ T9424] ksys_mount+0xdb/0x150 [ 215.453641][ T9424] __x64_sys_mount+0xbe/0x150 [ 215.458341][ T9424] do_syscall_64+0xfa/0x790 [ 215.463100][ T9424] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.469133][ T9424] RIP: 0033:0x45d0ca [ 215.473028][ T9424] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 215.494272][ T9424] RSP: 002b:00007f88481e9a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 215.502783][ T9424] RAX: ffffffffffffffda RBX: 00007f88481e9b40 RCX: 000000000045d0ca [ 215.510752][ T9424] RDX: 00007f88481e9ae0 RSI: 0000000020000000 RDI: 00007f88481e9b00 [ 215.519836][ T9424] RBP: 0000000000000001 R08: 00007f88481e9b40 R09: 00007f88481e9ae0 [ 215.528131][ T9424] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 215.536406][ T9424] R13: 00000000004ca26c R14: 00000000004e28a8 R15: 00000000ffffffff [ 215.545861][ T9424] Kernel Offset: disabled [ 215.550204][ T9424] Rebooting in 86400 seconds..