Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
2019/12/10 03:34:44 fuzzer started
2019/12/10 03:34:46 dialing manager at 10.128.0.105:38603
2019/12/10 03:34:46 syscalls: 2689
2019/12/10 03:34:46 code coverage: enabled
2019/12/10 03:34:46 comparison tracing: enabled
2019/12/10 03:34:46 extra coverage: extra coverage is not supported by the kernel
2019/12/10 03:34:46 setuid sandbox: enabled
2019/12/10 03:34:46 namespace sandbox: enabled
2019/12/10 03:34:46 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/10 03:34:46 fault injection: enabled
2019/12/10 03:34:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/10 03:34:46 net packet injection: enabled
2019/12/10 03:34:46 net device setup: enabled
2019/12/10 03:34:46 concurrency sanitizer: enabled
2019/12/10 03:34:46 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [   62.905784][ T7558] KCSAN: could not find function: 'poll_schedule_timeout'
[   64.860954][ T7558] KCSAN: could not find function: 'may_open'
2019/12/10 03:34:59 adding functions to KCSAN blacklist: '__tty_hangup' 'find_next_bit' 'ipip_tunnel_xmit' '__skb_try_recv_from_queue' 'rcu_gp_fqs_check_wake' 'tick_do_update_jiffies64' 'do_nanosleep' 'inactive_list_is_low' 'futex_wait_queue_me' 'ep_poll' 'generic_fillattr' 'ext4_nonda_switch' 'exit_signals' 'queue_access_lock' 'blk_mq_dispatch_rq_list' 'rcu_gp_fqs_loop' '__dev_queue_xmit' 'echo_char' 'kvm_mmu_notifier_invalidate_range_end' 'tick_nohz_idle_stop_tick' 'pcpu_alloc' '__d_lookup_done' 'unix_release_sock' 'tcp_add_backlog' 'skb_dequeue' 'vm_area_dup' 'install_new_memslots' 'dd_has_work' 'ext4_free_inode' 'ext4_free_inodes_count' 'tick_sched_do_timer' 'blk_mq_get_request' 'pipe_wait' 'list_lru_count_one' 'evict' '__hrtimer_run_queues' 'mod_timer' 'pid_update_inode' 'free_pid' 'run_timer_softirq' 'aio_read_events' '__mark_inode_dirty' 'ext4_has_free_clusters' 'do_readlinkat' 'xas_clear_mark' 'add_timer' 'sbitmap_queue_clear' 'ktime_get_real_seconds' 'kauditd_thread' 'tomoyo_supervisor' 'poll_schedule_timeout' 'process_srcu' 'mem_cgroup_select_victim_node' 'generic_write_end' '__ext4_new_inode' 'padata_find_next' 'audit_log_start' 'ext4_mark_iloc_dirty' 'hrtimer_wakeup' 'common_perm_cond' 'watchdog' 'do_syslog' 'mm_update_next_owner' 'n_tty_receive_buf_common' 'generic_file_read_iter' 'ext4_da_write_end' 'd_instantiate_new' 'pipe_poll' 'may_open' 'sit_tunnel_xmit' 'blk_mq_run_hw_queue' 'balance_dirty_pages' 'copy_process' 'page_counter_try_charge' 'xas_find_marked' 'lruvec_lru_size' 'ext4_setattr' 'ktime_get_seconds' 'find_get_pages_range_tag' 'dput' 'do_exit' 'taskstats_exit' '__snd_rawmidi_transmit_ack' 'timer_clear_idle' 'atime_needs_update' '__dentry_kill' 'inotify_handle_event' 'iput' 'wbt_issue' 'blk_mq_sched_dispatch_requests' 
03:38:32 executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x10000000d)

03:38:33 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_mreqsrc(r1, 0x0, 0x48, 0x0, 0x0)
recvfrom$inet(r0, 0x0, 0x16c631476762c91a, 0x0, 0x0, 0x800e003d8)
shutdown(r0, 0x0)

[  281.350025][ T7562] IPVS: ftp: loaded support on port[0] = 21
[  281.456875][ T7562] chnl_net:caif_netlink_parms(): no params data found
[  281.510839][ T7562] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.521532][ T7562] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.530176][ T7562] device bridge_slave_0 entered promiscuous mode
[  281.542692][ T7565] IPVS: ftp: loaded support on port[0] = 21
[  281.555048][ T7562] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.562101][ T7562] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.569884][ T7562] device bridge_slave_1 entered promiscuous mode
[  281.602257][ T7562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  281.615485][ T7562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  281.635005][ T7562] team0: Port device team_slave_0 added
[  281.641577][ T7562] team0: Port device team_slave_1 added
03:38:33 executing program 2:
open(0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000005)
syz_open_dev$evdev(0x0, 0x0, 0x11b220)
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182)
r1 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x24007200)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r2 = syz_open_dev$loop(0x0, 0x0, 0x0)
memfd_create(0x0, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)

[  281.691580][ T7565] chnl_net:caif_netlink_parms(): no params data found
[  281.816017][ T7562] device hsr_slave_0 entered promiscuous mode
03:38:33 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000180)=""/239, 0xef}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7}, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549)
r2 = dup(r0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e0053d)
shutdown(r2, 0x0)
r4 = socket$inet6_sctp(0x1c, 0x5, 0x84)
readv(r4, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/67, 0x43}, {0x0}], 0x2)
shutdown(r3, 0x0)
shutdown(r1, 0x0)

[  281.904016][ T7562] device hsr_slave_1 entered promiscuous mode
[  282.020115][ T7568] IPVS: ftp: loaded support on port[0] = 21
[  282.042404][ T7570] IPVS: ftp: loaded support on port[0] = 21
[  282.101288][ T7562] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.108373][ T7562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  282.115674][ T7562] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.122703][ T7562] bridge0: port 1(bridge_slave_0) entered forwarding state
03:38:33 executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000005c0)={0x9, 0xff}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0x20, 0xfffffffffffffffc}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
eventfd2(0x5, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x11, &(0x7f0000000240)="08c8e1441e8b9cadc98fa74a2d78bed020e4c018ee49e67931dcd35352985da62cf42044f287c7e357b53dda1024ca9c3bc5b0dae3baaae9a31b94a3e12815a4fefc3c84324c04ecfe208d4a32828487e39ebf6c36a4ed50a96ac712cfab378b47df05c09521e669e56205a46c83c71560504fc11535462b625befc084026164e46347", 0x83)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xb5e8f2efa94adb24)
bind(0xffffffffffffffff, 0x0, 0x0)
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
ioctl$BLKPG(r2, 0x1269, 0x0)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
sched_setattr(0x0, &(0x7f0000000400)={0x30, 0x1, 0x1, 0x0, 0x1}, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
r5 = socket(0xa, 0x1, 0x0)
dup3(0xffffffffffffffff, r5, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
fcntl$getown(0xffffffffffffffff, 0x9)

[  282.314904][ T7565] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.322030][ T7565] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.364484][ T7565] device bridge_slave_0 entered promiscuous mode
[  282.380653][ T7565] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.414628][ T7565] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.443844][ T7565] device bridge_slave_1 entered promiscuous mode
[  282.485473][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.534523][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.640104][ T7598] IPVS: ftp: loaded support on port[0] = 21
[  282.680953][ T7565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.749342][ T7565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.802561][ T7570] chnl_net:caif_netlink_parms(): no params data found
03:38:34 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="006f5236bbfca429651e4fb5bffec9a80c37ab9cba155b6646c3a3123759ce7501570f4d704fd819f8fcaa368ac33d8c2effbd7e3ace5942c36efff678680ef60d3c6900000000000000000000000002f1c7bf2ce0294f170c2d51e59b042aa7c298fae8ee01010000000000001fc2ec4f77ef339702de3bc58b968438e46c02f0d4a0630aa59d8b6990641c88532d0434f8bc0d15fa2a65d1b7742fc8e2af939b5d3cbaff0a59ba34315b029a5a3b61c780a8afa17b9623baef6f4c4bcbb3e2a07571e6bd29e5c15229d982da154d4590f48f00cf660c7d4760a8d9ed3394d830cc943fb7a7d6e0418fb3c4ac891682b73cac51d44930b11d9399c1622b20175cf85b4639622d9e637d118ee50a06f10000000000ceb9e001d239ebe2a99e8719c8c081985547a2a0c93eb1ab9cea04a3a91a7691f514a406d0b48c85ca61b3dd46f259f810fed0371ba7bc863af10e375fff924a10bd9f4bd9f4b946e0f2bc4dd54143d4a090fa73f3e2461fe711d9d3376add11c88702e9a7e8a4107ad167637e5c8b3c5ea8803af8688bf546cb08587af65d2ef3b43124"], 0x14002c)
write(r1, &(0x7f0000000000)='\x00', 0xfffffed5)
listen(0xffffffffffffffff, 0x0)
syz_init_net_socket$ax25(0x3, 0x0, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$FS_IOC_FIEMAP(r1, 0x6611, 0x0)

[  282.929263][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.941438][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.984472][ T7570] device bridge_slave_0 entered promiscuous mode
[  283.021616][ T7562] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.044126][ T7568] chnl_net:caif_netlink_parms(): no params data found
[  283.074519][ T7565] team0: Port device team_slave_0 added
[  283.080301][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.093923][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.101477][ T7570] device bridge_slave_1 entered promiscuous mode
[  283.152760][ T7562] 8021q: adding VLAN 0 to HW filter on device team0
[  283.194168][ T7565] team0: Port device team_slave_1 added
[  283.208692][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  283.234408][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  283.316183][ T7565] device hsr_slave_0 entered promiscuous mode
[  283.344002][ T7565] device hsr_slave_1 entered promiscuous mode
[  283.383807][ T7565] debugfs: Directory 'hsr0' with parent '/' already present!
[  283.405935][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  283.424192][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  283.432531][ T2575] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.439570][ T2575] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.495327][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  283.514101][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  283.522597][ T2575] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.529647][ T2575] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.553440][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  283.562446][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  283.571766][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  283.580327][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  283.595601][ T7570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  283.606703][ T7570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  283.629626][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  283.640253][ T7602] IPVS: ftp: loaded support on port[0] = 21
[  283.649502][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  283.661267][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  283.678555][ T7562] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  283.693348][ T7562] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  283.728928][ T7583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  283.737768][ T7583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  283.750984][ T7583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  283.760568][ T7583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  283.801424][ T7568] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.825777][ T7568] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.845684][ T7568] device bridge_slave_0 entered promiscuous mode
[  283.893181][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  283.946433][ T7570] team0: Port device team_slave_0 added
[  283.954277][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  283.961619][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  283.993915][ T7568] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.000960][ T7568] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.026834][ T7568] device bridge_slave_1 entered promiscuous mode
[  284.047807][ T7598] chnl_net:caif_netlink_parms(): no params data found
[  284.058798][ T7562] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.084122][ T7570] team0: Port device team_slave_1 added
[  284.142595][ T7568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.179018][ T7565] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.207386][ T7568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.276183][ T7570] device hsr_slave_0 entered promiscuous mode
[  284.294022][ T7570] device hsr_slave_1 entered promiscuous mode
[  284.333834][ T7570] debugfs: Directory 'hsr0' with parent '/' already present!
[  284.357800][ T7565] 8021q: adding VLAN 0 to HW filter on device team0
[  284.380074][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  284.391188][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  284.424368][ T7598] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.431570][ T7598] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.443855][ T7598] device bridge_slave_0 entered promiscuous mode
[  284.540872][ T7598] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.550902][ T7598] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.584780][ T7598] device bridge_slave_1 entered promiscuous mode
[  284.620529][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  284.634709][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  284.674421][ T2575] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.681519][ T2575] bridge0: port 1(bridge_slave_0) entered forwarding state
[  284.714342][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  284.754188][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  284.794194][ T2575] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.801282][ T2575] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.854559][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  284.894665][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  284.935031][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  284.964391][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  284.998371][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  285.024528][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  285.057852][ T7568] team0: Port device team_slave_0 added
[  285.070057][ T7565] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  285.103762][ T7565] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  285.170371][ T7602] chnl_net:caif_netlink_parms(): no params data found
[  285.267079][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  285.279728][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  285.327887][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  285.365367][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  285.388919][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  285.422914][ T2575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  285.456149][ T7568] team0: Port device team_slave_1 added
[  285.518001][ T7598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  285.547656][ T7583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  285.580908][ T7565] 8021q: adding VLAN 0 to HW filter on device batadv0
[  285.599336][ T7598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
03:38:37 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x252a, 0x0, 0x0, [], [{}, {0x801, 0x0, 0x7fffffff}]})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r1, @ANYBLOB, @ANYBLOB, @ANYRESDEC=0x0])
lsetxattr$smack_xattr_label(0x0, &(0x7f0000000040)='security.SMACK64IPOUT\x00', 0x0, 0x0, 0x1)
read$FUSE(0xffffffffffffffff, &(0x7f0000000780), 0x1000)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50)
read$FUSE(r1, 0x0, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000580), 0x80800)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000001840))
socketpair$unix(0x1, 0x3, 0x0, 0x0)

[  285.635381][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  285.670580][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  285.788855][ T7568] device hsr_slave_0 entered promiscuous mode
[  285.824081][ T7568] device hsr_slave_1 entered promiscuous mode
[  285.843747][    C0] hrtimer: interrupt took 30481 ns
[  285.863868][ T7568] debugfs: Directory 'hsr0' with parent '/' already present!
[  285.893292][ T7602] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.923480][ T7602] bridge0: port 1(bridge_slave_0) entered disabled state
[  285.943893][ T7602] device bridge_slave_0 entered promiscuous mode
[  285.982567][ T7598] team0: Port device team_slave_0 added
03:38:37 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x252a, 0x0, 0x0, [], [{}, {0x801, 0x0, 0x7fffffff}]})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r1, @ANYBLOB, @ANYBLOB, @ANYRESDEC=0x0])
lsetxattr$smack_xattr_label(0x0, &(0x7f0000000040)='security.SMACK64IPOUT\x00', 0x0, 0x0, 0x1)
read$FUSE(0xffffffffffffffff, &(0x7f0000000780), 0x1000)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50)
read$FUSE(r1, 0x0, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000580), 0x80800)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000001840))
socketpair$unix(0x1, 0x3, 0x0, 0x0)

[  286.005987][ T7598] team0: Port device team_slave_1 added
[  286.049193][ T7602] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.069735][ T7602] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.106670][ T7602] device bridge_slave_1 entered promiscuous mode
[  286.160130][ T7570] 8021q: adding VLAN 0 to HW filter on device bond0
03:38:38 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x252a, 0x0, 0x0, [], [{}, {0x801, 0x0, 0x7fffffff}]})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[])
lsetxattr$smack_xattr_label(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000002780)=ANY=[], 0x0, 0x1)
write$FUSE_INIT(r1, 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000580), 0x80800)
write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0)
umount2(&(0x7f0000000540)='./file0\x00', 0x0)

[  286.296374][ T7598] device hsr_slave_0 entered promiscuous mode
[  286.334023][ T7598] device hsr_slave_1 entered promiscuous mode
[  286.370859][ T7598] debugfs: Directory 'hsr0' with parent '/' already present!
[  286.463791][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  286.471479][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
03:38:38 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r1=>0xffffffffffffffff})
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sysfs$1(0x1, &(0x7f0000000280)='vfat\x00')

[  286.569384][ T7602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.602232][ T7570] 8021q: adding VLAN 0 to HW filter on device team0
03:38:38 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x252a, 0x0, 0x0, [], [{}, {0x801, 0x0, 0x7fffffff}]})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[])
lsetxattr$smack_xattr_label(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000002780)=ANY=[], 0x0, 0x1)
write$FUSE_INIT(r1, 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000580), 0x80800)
write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0)
umount2(&(0x7f0000000540)='./file0\x00', 0x0)

[  286.682997][ T7602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.814510][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  286.823141][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  286.910795][ T3018] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.917911][ T3018] bridge0: port 1(bridge_slave_0) entered forwarding state
[  286.996342][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  287.042448][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  287.096673][ T3018] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.103757][ T3018] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.164512][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
03:38:39 executing program 0:
syz_mount_image$vfat(&(0x7f00000001c0)='vfat\x00', &(0x7f0000000200)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@fat=@dos1xfloppy='dos1xfloppy'}]})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = socket(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  287.208669][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  287.259247][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  287.311969][ T7742] ==================================================================
[  287.320094][ T7742] BUG: KCSAN: data-race in alloc_empty_file / percpu_counter_add_batch
[  287.328316][ T7742] 
[  287.330642][ T7742] write to 0xffffffff85a08548 of 8 bytes by task 7746 on cpu 1:
[  287.338264][ T7742]  percpu_counter_add_batch+0xca/0x150
[  287.343718][ T7742]  alloc_empty_file+0xd2/0x180
[  287.348482][ T7742]  path_openat+0x74/0x36e0
[  287.352887][ T7742]  do_filp_open+0x11e/0x1b0
[  287.357386][ T7742]  do_sys_open+0x3b3/0x4f0
[  287.361804][ T7742]  __x64_sys_openat+0x62/0x80
[  287.366477][ T7742]  do_syscall_64+0xcc/0x370
[  287.370973][ T7742]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  287.376850][ T7742] 
[  287.379182][ T7742] read to 0xffffffff85a08548 of 8 bytes by task 7742 on cpu 0:
[  287.386726][ T7742]  alloc_empty_file+0x2d/0x180
[  287.391482][ T7742]  path_openat+0x74/0x36e0
[  287.395891][ T7742]  do_filp_open+0x11e/0x1b0
[  287.400391][ T7742]  do_sys_open+0x3b3/0x4f0
[  287.404800][ T7742]  __x64_sys_open+0x55/0x70
[  287.406681][ T7748] FAT-fs (loop0): bogus number of reserved sectors
[  287.409301][ T7742]  do_syscall_64+0xcc/0x370
[  287.409326][ T7742]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  287.426146][ T7742] 
[  287.428462][ T7742] Reported by Kernel Concurrency Sanitizer on:
[  287.434608][ T7742] CPU: 0 PID: 7742 Comm: ps Not tainted 5.4.0-syzkaller #0
[  287.441783][ T7742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.445285][ T7748] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; no bootstrapping code
[  287.451828][ T7742] ==================================================================
[  287.451837][ T7742] Kernel panic - not syncing: panic_on_warn set ...
[  287.451853][ T7742] CPU: 0 PID: 7742 Comm: ps Not tainted 5.4.0-syzkaller #0
[  287.451860][ T7742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.451864][ T7742] Call Trace:
[  287.451889][ T7742]  dump_stack+0x11d/0x181
[  287.451915][ T7742]  panic+0x210/0x640
[  287.504256][ T7742]  ? vprintk_func+0x8d/0x140
[  287.508853][ T7742]  kcsan_report.cold+0xc/0xd
[  287.513445][ T7742]  kcsan_setup_watchpoint+0x3fe/0x460
[  287.518832][ T7742]  __tsan_read8+0xc6/0x100
[  287.523269][ T7742]  alloc_empty_file+0x2d/0x180
[  287.523816][ T7748] FAT-fs (loop0): Can't find a valid FAT filesystem
[  287.528035][ T7742]  path_openat+0x74/0x36e0
[  287.528071][ T7742]  ? __read_once_size.constprop.0+0x12/0x20
[  287.544912][ T7742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  287.551152][ T7742]  ? __virt_addr_valid+0x126/0x190
[  287.556263][ T7742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  287.562506][ T7742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  287.568740][ T7742]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  287.574717][ T7742]  ? __read_once_size+0x41/0xe0
[  287.579578][ T7742]  do_filp_open+0x11e/0x1b0
[  287.584184][ T7742]  ? __check_object_size+0x5f/0x346
[  287.589378][ T7742]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  287.595263][ T7742]  ? __alloc_fd+0x2ef/0x3b0
[  287.599770][ T7742]  do_sys_open+0x3b3/0x4f0
[  287.604195][ T7742]  __x64_sys_open+0x55/0x70
[  287.608697][ T7742]  do_syscall_64+0xcc/0x370
[  287.613205][ T7742]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  287.619095][ T7742] RIP: 0033:0x7f27a55d9120
[  287.623512][ T7742] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[  287.643122][ T7742] RSP: 002b:00007fff46041628 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  287.651531][ T7742] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f27a55d9120
[  287.659501][ T7742] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f27a5aa7d00
[  287.667472][ T7742] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f27a58a157b
[  287.675432][ T7742] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27a5aa6d00
[  287.683397][ T7742] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000
[  287.692707][ T7742] Kernel Offset: disabled
[  287.697068][ T7742] Rebooting in 86400 seconds..