[   35.128852][   T26] audit: type=1800 audit(1550935034.230:28): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   35.834986][   T26] audit: type=1800 audit(1550935035.010:29): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   35.855968][   T26] audit: type=1800 audit(1550935035.010:30): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[1G[[31mFAIL[39;49m8[?25h[?0c [31mfailed![39;49m

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
2019/02/23 15:17:23 fuzzer started
2019/02/23 15:17:26 dialing manager at 10.128.0.26:40411
2019/02/23 15:17:26 syscalls: 1
2019/02/23 15:17:26 code coverage: enabled
2019/02/23 15:17:26 comparison tracing: enabled
2019/02/23 15:17:26 extra coverage: extra coverage is not supported by the kernel
2019/02/23 15:17:26 setuid sandbox: enabled
2019/02/23 15:17:26 namespace sandbox: enabled
2019/02/23 15:17:26 Android sandbox: /sys/fs/selinux/policy does not exist
2019/02/23 15:17:26 fault injection: enabled
2019/02/23 15:17:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/02/23 15:17:26 net packet injection: enabled
2019/02/23 15:17:26 net device setup: enabled
15:20:05 executing program 0:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xfffffe58}}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="5500000018007f5300fe01b2a4a280930a00000000000000000000003900090035000c000600000019000500de800000000000dc1338d54400009b84132000000083de448daa7227c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0)
r0 = socket(0x4000100000010, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

syzkaller login: [  206.594681][ T7722] IPVS: ftp: loaded support on port[0] = 21
15:20:05 executing program 1:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

[  206.707060][ T7722] chnl_net:caif_netlink_parms(): no params data found
[  206.797471][ T7722] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.823926][ T7722] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.833282][ T7722] device bridge_slave_0 entered promiscuous mode
[  206.853541][ T7722] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.860713][ T7722] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.868905][ T7722] device bridge_slave_1 entered promiscuous mode
[  206.890762][ T7722] bond0: Enslaving bond_slave_0 as an active interface with an up link
15:20:06 executing program 2:
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x3, 0x84)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0), 0x0)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x0)

[  206.904528][ T7722] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  206.922555][ T7726] IPVS: ftp: loaded support on port[0] = 21
[  206.930777][ T7722] team0: Port device team_slave_0 added
[  206.937937][ T7722] team0: Port device team_slave_1 added
[  207.006678][ T7722] device hsr_slave_0 entered promiscuous mode
[  207.063471][ T7722] device hsr_slave_1 entered promiscuous mode
15:20:06 executing program 3:
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x3, 0x84)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0), 0x0)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, &(0x7f0000000200), 0x0)

[  207.141680][ T7722] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.148880][ T7722] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.156571][ T7722] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.163679][ T7722] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.230787][ T7728] IPVS: ftp: loaded support on port[0] = 21
[  207.350314][ T7731] IPVS: ftp: loaded support on port[0] = 21
15:20:06 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0x2c, 0x0, @remote, @local, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0)

[  207.392198][ T7722] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.479022][ T7722] 8021q: adding VLAN 0 to HW filter on device team0
[  207.518389][ T2986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.535091][ T2986] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.553425][ T2986] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.573575][ T2986] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
15:20:06 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
connect(0xffffffffffffffff, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000100)=0x8)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x3)

[  207.633512][ T2986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.641912][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.649043][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.658449][ T2986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.666876][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.673989][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.718725][ T7728] chnl_net:caif_netlink_parms(): no params data found
[  207.731220][ T7736] IPVS: ftp: loaded support on port[0] = 21
[  207.757836][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.769526][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.778704][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.789527][ T7726] chnl_net:caif_netlink_parms(): no params data found
[  207.818570][ T7738] IPVS: ftp: loaded support on port[0] = 21
[  207.826917][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  207.843922][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.852496][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.918869][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  207.928951][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  207.968380][ T7726] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.975503][ T7726] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.983415][ T7726] device bridge_slave_0 entered promiscuous mode
[  207.991469][ T7726] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.998651][ T7726] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.006214][ T7726] device bridge_slave_1 entered promiscuous mode
[  208.028506][ T7728] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.036550][ T7728] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.044428][ T7728] device bridge_slave_0 entered promiscuous mode
[  208.062442][ T7722] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  208.074014][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  208.081537][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.089855][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.111947][ T7726] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  208.120409][ T7728] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.127877][ T7728] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.135614][ T7728] device bridge_slave_1 entered promiscuous mode
[  208.157132][ T7728] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  208.171329][ T7726] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  208.195630][ T7728] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  208.233910][ T7726] team0: Port device team_slave_0 added
[  208.279945][ T7726] team0: Port device team_slave_1 added
[  208.297727][ T7728] team0: Port device team_slave_0 added
[  208.324540][ T7722] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.342686][ T7728] team0: Port device team_slave_1 added
[  208.356901][ T7731] chnl_net:caif_netlink_parms(): no params data found
[  208.465273][ T7726] device hsr_slave_0 entered promiscuous mode
[  208.513208][ T7726] device hsr_slave_1 entered promiscuous mode
[  208.557691][ T7736] chnl_net:caif_netlink_parms(): no params data found
[  208.567781][ T7745] IPv6: NLM_F_REPLACE set, but no existing node found!
15:20:07 executing program 0:
syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$llc(0x1a, 0x80200000000002, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000005c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x22, 0x100, 0x70bd2c, 0x25dfdbfb, {0x4}, [@nested={0x4, 0x72, [@generic]}, @typed={0x8, 0x62, @fd=r1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004080}, 0x4000000)
sendto$llc(r1, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x1a, 0x304, 0x0, 0x0, 0x0, 0x0, @random="0387945b9f37"}, 0x10)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
mknod(0x0, 0x1041, 0x0)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000900), 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000ff000a6f34aa244f0000"], 0x1}}, 0x0)
readlink(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=""/53, 0x35)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000080)={0x0, 0x2710}, 0x10)
recvmmsg(r1, &(0x7f000000cd80)=[{{&(0x7f000000be80)=@ll, 0x80, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}, {{0x0, 0x0, &(0x7f000000c700)=[{&(0x7f000000c680)=""/90, 0x5a}], 0x1, &(0x7f000000c740)=""/16, 0x10, 0x7f}, 0x200}, {{&(0x7f000000c780)=@ethernet, 0x80, &(0x7f000000ca00)=[{&(0x7f000000c800)=""/210, 0xd2}, {&(0x7f0000000140)=""/92, 0x5c}, {&(0x7f000000c980)=""/82, 0x52}], 0x3, &(0x7f000000ca40)=""/40, 0x28}, 0x6}, {{&(0x7f000000ca80)=@pppol2tpv3in6, 0x80, &(0x7f000000cd00)=[{&(0x7f000000cb00)=""/255, 0xff}, {&(0x7f000000cc00)}, {&(0x7f000000cc40)=""/180, 0xb4}], 0x3, &(0x7f000000cd40)=""/5, 0x5, 0x2}, 0xffffffff}], 0x4, 0x0, 0x0)

[  208.669295][ T7738] chnl_net:caif_netlink_parms(): no params data found
[  208.716474][ T7728] device hsr_slave_0 entered promiscuous mode
[  208.743328][ T7728] device hsr_slave_1 entered promiscuous mode
[  208.783080][ T7731] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.790203][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.799327][ T7731] device bridge_slave_0 entered promiscuous mode
[  208.799575][    C0] hrtimer: interrupt took 38531 ns
[  208.817191][ T7731] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.824503][ T7731] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.832171][ T7731] device bridge_slave_1 entered promiscuous mode
[  208.911669][ T7736] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.919377][ T7736] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.927845][ T7736] device bridge_slave_0 entered promiscuous mode
[  208.941954][ T7736] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.949439][ T7736] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.965143][ T7736] device bridge_slave_1 entered promiscuous mode
15:20:08 executing program 0:
syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$llc(0x1a, 0x80200000000002, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000005c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x22, 0x100, 0x70bd2c, 0x25dfdbfb, {0x4}, [@nested={0x4, 0x72, [@generic]}, @typed={0x8, 0x62, @fd=r1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004080}, 0x4000000)
sendto$llc(r1, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x1a, 0x304, 0x0, 0x0, 0x0, 0x0, @random="0387945b9f37"}, 0x10)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
mknod(0x0, 0x1041, 0x0)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000900), 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000ff000a6f34aa244f0000"], 0x1}}, 0x0)
readlink(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=""/53, 0x35)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000080)={0x0, 0x2710}, 0x10)
recvmmsg(r1, &(0x7f000000cd80)=[{{&(0x7f000000be80)=@ll, 0x80, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}, {{0x0, 0x0, &(0x7f000000c700)=[{&(0x7f000000c680)=""/90, 0x5a}], 0x1, &(0x7f000000c740)=""/16, 0x10, 0x7f}, 0x200}, {{&(0x7f000000c780)=@ethernet, 0x80, &(0x7f000000ca00)=[{&(0x7f000000c800)=""/210, 0xd2}, {&(0x7f0000000140)=""/92, 0x5c}, {&(0x7f000000c980)=""/82, 0x52}], 0x3, &(0x7f000000ca40)=""/40, 0x28}, 0x6}, {{&(0x7f000000ca80)=@pppol2tpv3in6, 0x80, &(0x7f000000cd00)=[{&(0x7f000000cb00)=""/255, 0xff}, {&(0x7f000000cc00)}, {&(0x7f000000cc40)=""/180, 0xb4}], 0x3, &(0x7f000000cd40)=""/5, 0x5, 0x2}, 0xffffffff}], 0x4, 0x0, 0x0)

[  209.025147][ T7731] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  209.074061][ T7731] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  209.091034][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.099310][ T7738] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.107114][ T7738] device bridge_slave_0 entered promiscuous mode
[  209.116108][ T7736] bond0: Enslaving bond_slave_0 as an active interface with an up link
15:20:08 executing program 0:
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x18, 0x101, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@RTA_GATEWAY={0x8, 0x5, @dev}]}, 0x24}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  209.128923][ T7736] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  209.147336][ T7738] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.159496][ T7738] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.167659][ T7738] device bridge_slave_1 entered promiscuous mode
[  209.206695][ T7736] team0: Port device team_slave_0 added
[  209.215385][ T7731] team0: Port device team_slave_0 added
[  209.231111][ T7738] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  209.242368][ T7738] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  209.252055][ T7731] team0: Port device team_slave_1 added
[  209.259374][ T7736] team0: Port device team_slave_1 added
[  209.284240][ T7728] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.302714][ T7738] team0: Port device team_slave_0 added
[  209.355689][ T7736] device hsr_slave_0 entered promiscuous mode
[  209.403102][ T7736] device hsr_slave_1 entered promiscuous mode
[  209.443904][ T7738] team0: Port device team_slave_1 added
[  209.468690][ T7726] 8021q: adding VLAN 0 to HW filter on device bond0
15:20:08 executing program 0:
clock_gettime(0xbffffffffffffff5, 0x0)

15:20:08 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@timestamp, @sack_perm], 0x1322d3)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)={@multicast1, @dev}, 0x10)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x2b)
fcntl$setstatus(r1, 0x4, 0x42803)
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000000)="6cbf74d125f3e865489c3bed3a4e7a0c6280af62fe673b1c694bf85ff7b9ff5ee4ad55282873c701a5ac5cc31e23aae52976f8052b9d9b540ba861ac26f7f9ccff9597761f6e4e2350d6a01948acf5a6")

[  209.545612][ T7731] device hsr_slave_0 entered promiscuous mode
[  209.583617][ T7731] device hsr_slave_1 entered promiscuous mode
[  209.663206][ T7728] 8021q: adding VLAN 0 to HW filter on device team0
[  209.680170][ T7736] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.687283][ T7736] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.728587][   T22] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.749312][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  209.757321][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  209.765317][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  209.773323][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  209.831743][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  209.855026][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  209.867489][ T7725] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.874583][ T7725] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.883257][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  209.891796][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  209.900309][ T7725] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.907425][ T7725] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.915255][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  209.923898][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  209.932744][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  209.941217][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  209.949472][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  209.958131][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  210.026351][ T7738] device hsr_slave_0 entered promiscuous mode
[  210.043176][ T7738] device hsr_slave_1 entered promiscuous mode
[  210.095370][ T7726] 8021q: adding VLAN 0 to HW filter on device team0
[  210.105028][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  210.112732][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  210.120446][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  210.128648][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  210.137172][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  210.145600][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  210.165871][ T7728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  210.178988][ T7736] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.197192][ T7731] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.210876][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  210.219859][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  210.228410][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.235480][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.244252][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  210.258889][ T7736] 8021q: adding VLAN 0 to HW filter on device team0
[  210.270620][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.278252][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  210.294508][ T7728] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.306186][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  210.318072][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  210.326650][ T7725] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.333729][ T7725] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.358058][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  210.371729][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  210.388259][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.393276][    C0] protocol 88fb is buggy, dev hsr_slave_0
[  210.395373][ T7739] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.401104][    C0] protocol 88fb is buggy, dev hsr_slave_1
[  210.415473][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  210.424361][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  210.432560][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.439633][ T7739] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.447479][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.456604][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  210.465358][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  210.474302][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  210.496064][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  210.503978][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.511510][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  210.521098][ T7731] 8021q: adding VLAN 0 to HW filter on device team0
[  210.527887][    C0] protocol 88fb is buggy, dev hsr_slave_0
[  210.528392][    C0] protocol 88fb is buggy, dev hsr_slave_1
[  210.552899][    C1] protocol 88fb is buggy, dev hsr_slave_0
[  210.558676][    C1] protocol 88fb is buggy, dev hsr_slave_1
[  210.565817][ T7738] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.587110][ T7736] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  210.597963][ T7736] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  210.610923][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.619446][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  210.628063][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  210.632916][    C0] protocol 88fb is buggy, dev hsr_slave_0
[  210.636688][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  210.641688][    C0] protocol 88fb is buggy, dev hsr_slave_1
[  210.650610][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  210.664081][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  210.672219][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  210.680894][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  210.689825][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  210.698530][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  210.706847][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  210.715595][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  210.724142][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.731169][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.738744][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  210.748065][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  210.756420][   T22] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.763499][   T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.771051][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.779041][    C1] protocol 88fb is buggy, dev hsr_slave_0
[  210.779087][    C1] protocol 88fb is buggy, dev hsr_slave_1
[  210.791315][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  210.800183][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  210.808048][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  210.815978][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  210.844572][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  210.853661][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  210.862042][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  210.872724][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  210.881462][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  210.889992][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  210.898304][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  210.908241][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  210.916774][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  210.925361][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  210.933616][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  210.941787][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  210.950420][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  210.969383][ T7736] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.979682][ T7726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  210.997643][ T7731] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  211.008688][ T7731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  211.023340][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  211.031677][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  211.055932][ T7731] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.069406][ T7738] 8021q: adding VLAN 0 to HW filter on device team0
[  211.088710][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  211.098901][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  211.124386][ T7726] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.143809][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  211.152302][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
15:20:10 executing program 4:
r0 = open$dir(&(0x7f0000002b40)='./file0\x00', 0x4040, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

[  211.176156][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.183269][ T7739] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.197513][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.206280][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
15:20:10 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f00000001c0)='})\x00', 0x0)
fcntl$getown(r0, 0x9)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x102000000)
fcntl$setflags(r1, 0x2, 0x1)

[  211.220722][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.227837][ T7739] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.235897][   T26] audit: type=1800 audit(1550935210.400:31): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16529 res=0
[  211.263824][   T26] audit: type=1800 audit(1550935210.410:32): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16529 res=0
[  211.290496][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  211.299399][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  211.308570][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  211.344219][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  211.361729][ T7790] page:ffffea0002303000 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[  211.375279][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  211.406066][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  211.426053][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  211.439049][ T7790] flags: 0x1fffc0000000000()
[  211.448384][ T7790] raw: 01fffc0000000000 ffffea0002375248 ffffea00029678c8 0000000000000000
[  211.453712][ T7738] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  211.471530][ T7790] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  211.478264][ T7738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  211.487195][ T7790] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[  211.509158][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  211.510118][ T7790] ------------[ cut here ]------------
[  211.519533][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  211.521804][ T7790] kernel BUG at include/linux/mm.h:579!
[  211.542051][ T7790] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  211.545116][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  211.548143][ T7790] CPU: 0 PID: 7790 Comm: syz-executor.4 Not tainted 5.0.0-rc7-next-20190222 #41
[  211.548152][ T7790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  211.548175][ T7790] RIP: 0010:generic_pipe_buf_release+0x120/0x160
[  211.548195][ T7790] Code: bd ff 4c 89 e7 e8 60 44 db ff e8 9b 28 bd ff 5b 41 5c 41 5d 5d c3 e8 8f 28 bd ff 48 c7 c6 e0 97 75 87 4c 89 e7 e8 90 dc e4 ff <0f> 0b e8 79 28 bd ff 4d 8d 65 ff e9 3d ff ff ff 48 89 df e8 58 f9
[  211.556866][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  211.564891][ T7790] RSP: 0018:ffff88805b53f920 EFLAGS: 00010246
[  211.564904][ T7790] RAX: 0000000000040000 RBX: ffffea0002303034 RCX: ffffc9000e63f000
[  211.564913][ T7790] RDX: 0000000000040000 RSI: ffffffff81981a22 RDI: ffffea0002303038
[  211.564922][ T7790] RBP: ffff88805b53f938 R08: 000000000000003e R09: ffffed1015d05011
[  211.564931][ T7790] R10: ffffed1015d05010 R11: ffff8880ae828087 R12: ffffea0002303000
[  211.564939][ T7790] R13: 0000000000000000 R14: ffff8880969e1040 R15: ffff88805b5bdb40
[  211.564959][ T7790] FS:  00007f8e30d4d700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  211.575629][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  211.581303][ T7790] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.581313][ T7790] CR2: 00007ffdebf639e8 CR3: 0000000086e91000 CR4: 00000000001406f0
[  211.581325][ T7790] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  211.581334][ T7790] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  211.581346][ T7790] Call Trace:
[  211.616368][ T7738] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.622738][ T7790]  iter_file_splice_write+0x7d1/0xbe0
[  211.636965][ T7738] kobject: 'vlan0' (00000000cf245f73): kobject_add_internal: parent: 'mesh', set: '<NULL>'
[  211.638653][ T7790]  ? atime_needs_update+0x5f0/0x5f0
[  211.638676][ T7790]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  211.638699][ T7790]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  211.743569][ T7790]  ? retint_kernel+0x2d/0x2d
[  211.748169][ T7790]  ? do_splice_to+0x132/0x190
[  211.752841][ T7790]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  211.758824][ T7790]  direct_splice_actor+0x126/0x1a0
[  211.763930][ T7790]  splice_direct_to_actor+0x369/0x970
[  211.769798][ T7790]  ? generic_pipe_buf_nosteal+0x10/0x10
[  211.775342][ T7790]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  211.781587][ T7790]  ? do_splice_to+0x190/0x190
[  211.786285][ T7790]  ? rw_verify_area+0x118/0x360
[  211.791142][ T7790]  do_splice_direct+0x1da/0x2a0
[  211.795991][ T7790]  ? splice_direct_to_actor+0x970/0x970
[  211.801533][ T7790]  ? rw_verify_area+0x118/0x360
[  211.806405][ T7790]  do_sendfile+0x597/0xd00
[  211.810820][ T7790]  ? do_compat_pwritev64+0x1c0/0x1c0
[  211.816102][ T7790]  ? trace_hardirqs_on_caller+0x6a/0x220
[  211.821742][ T7790]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  211.827234][ T7790]  __x64_sys_sendfile64+0x1dd/0x220
[  211.832429][ T7790]  ? __ia32_sys_sendfile+0x230/0x230
[  211.837729][ T7790]  do_syscall_64+0x103/0x610
[  211.842345][ T7790]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  211.848242][ T7790] RIP: 0033:0x457e29
[  211.852135][ T7790] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  211.871736][ T7790] RSP: 002b:00007f8e30d4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  211.880142][ T7790] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  211.888100][ T7790] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  211.896060][ T7790] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
15:20:10 executing program 1:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

15:20:10 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0x3e6)
sendto$inet(r0, &(0x7f0000000200)="b7", 0x1, 0xfffffffffffffffd, 0x0, 0x0)

15:20:10 executing program 3:

15:20:11 executing program 3:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

[  211.904133][ T7790] R10: 0000000102000000 R11: 0000000000000246 R12: 00007f8e30d4d6d4
[  211.912096][ T7790] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  211.920075][ T7790] Modules linked in:
[  211.940203][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  211.945881][ T7790] ---[ end trace 0ac87c4d8958747b ]---
[  211.953267][ T3874] kobject: 'loop3' (000000000638ee3d): kobject_uevent_env
[  211.960515][ T3874] kobject: 'loop3' (000000000638ee3d): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  211.979378][ T3874] kobject: 'loop5' (00000000da031a22): kobject_uevent_env
[  211.990054][ T7790] RIP: 0010:generic_pipe_buf_release+0x120/0x160
[  212.002975][ T3874] kobject: 'loop5' (00000000da031a22): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  212.018774][ T7790] Code: bd ff 4c 89 e7 e8 60 44 db ff e8 9b 28 bd ff 5b 41 5c 41 5d 5d c3 e8 8f 28 bd ff 48 c7 c6 e0 97 75 87 4c 89 e7 e8 90 dc e4 ff <0f> 0b e8 79 28 bd ff 4d 8d 65 ff e9 3d ff ff ff 48 89 df e8 58 f9
[  212.040517][ T7790] RSP: 0018:ffff88805b53f920 EFLAGS: 00010246
[  212.050443][ T7790] RAX: 0000000000040000 RBX: ffffea0002303034 RCX: ffffc9000e63f000
15:20:11 executing program 5:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

15:20:11 executing program 1:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

[  212.059669][ T7790] RDX: 0000000000040000 RSI: ffffffff81981a22 RDI: ffffea0002303038
[  212.072497][ T3874] kobject: 'loop5' (00000000da031a22): kobject_uevent_env
[  212.073102][ T7790] RBP: ffff88805b53f938 R08: 000000000000003e R09: ffffed1015d05011
[  212.088467][ T3874] kobject: 'loop5' (00000000da031a22): fill_kobj_path: path = '/devices/virtual/block/loop5'
15:20:11 executing program 3:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

[  212.112433][ T7822] page:ffffea00029fec40 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[  212.125287][ T7790] R10: ffffed1015d05010 R11: ffff8880ae828087 R12: ffffea0002303000
[  212.134517][ T3874] kobject: 'loop3' (000000000638ee3d): kobject_uevent_env
[  212.139777][ T7822] flags: 0x1fffc0000000000()
[  212.146458][ T3874] kobject: 'loop3' (000000000638ee3d): fill_kobj_path: path = '/devices/virtual/block/loop3'
15:20:11 executing program 1:
r0 = epoll_create1(0x0)
flock(r0, 0x2)
r1 = epoll_create(0x8001)
r2 = epoll_create1(0x0)
flock(r2, 0x1)
dup2(r1, r0)

[  212.175977][ T3874] kobject: 'loop1' (00000000d57020ce): kobject_uevent_env
[  212.184376][ T7822] raw: 01fffc0000000000 dead000000000100 dead000000000200 0000000000000000
[  212.191601][ T3874] kobject: 'loop1' (00000000d57020ce): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  212.193610][ T7822] raw: 0000000000000000 ffff88809490e738 00000001fffff9ff ffff88805bb76cc0
[  212.209516][ T7790] R13: 0000000000000000 R14: ffff8880969e1040 R15: ffff88805b5bdb40
15:20:11 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0x3e6)
sendto$inet(r0, &(0x7f0000000200)="b7", 0x1, 0xfffffffffffffffd, 0x0, 0x0)

[  212.212776][ T7822] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[  212.229402][ T7822] page->mem_cgroup:ffff88805bb76cc0
[  212.246571][ T3874] kobject: 'loop2' (00000000ee688dca): kobject_uevent_env
[  212.258549][ T7822] ------------[ cut here ]------------
[  212.264022][ T7822] kernel BUG at include/linux/mm.h:579!
[  212.265765][ T3874] kobject: 'loop2' (00000000ee688dca): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  212.273460][ T7822] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[  212.279868][ T7790] FS:  00007f8e30d4d700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  212.285819][ T7822] CPU: 1 PID: 7822 Comm: syz-executor.4 Tainted: G      D           5.0.0-rc7-next-20190222 #41
[  212.285828][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  212.285850][ T7822] RIP: 0010:generic_pipe_buf_release+0x120/0x160
[  212.285864][ T7822] Code: bd ff 4c 89 e7 e8 60 44 db ff e8 9b 28 bd ff 5b 41 5c 41 5d 5d c3 e8 8f 28 bd ff 48 c7 c6 e0 97 75 87 4c 89 e7 e8 90 dc e4 ff <0f> 0b e8 79 28 bd ff 4d 8d 65 ff e9 3d ff ff ff 48 89 df e8 58 f9
[  212.285872][ T7822] RSP: 0018:ffff88805aabf920 EFLAGS: 00010246
[  212.285884][ T7822] RAX: 0000000000040000 RBX: ffffea00029fec74 RCX: ffffc9000ea41000
[  212.285892][ T7822] RDX: 0000000000040000 RSI: ffffffff81981a22 RDI: ffffed100b557f08
[  212.285901][ T7822] RBP: ffff88805aabf938 R08: 0000000000000021 R09: ffffed1015d25011
[  212.285910][ T7822] R10: ffffed1015d25010 R11: ffff8880ae928087 R12: ffffea00029fec40
[  212.285919][ T7822] R13: 0000000000000000 R14: ffff8880864b9cc0 R15: ffff88805b5bd6c0
[  212.285931][ T7822] FS:  00007f8e30d0b700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  212.285941][ T7822] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  212.285950][ T7822] CR2: 000000000070e6b4 CR3: 0000000086e91000 CR4: 00000000001406e0
[  212.285962][ T7822] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  212.285978][ T7822] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  212.305436][ T3874] kobject: 'loop3' (000000000638ee3d): kobject_uevent_env
[  212.315347][ T7822] Call Trace:
[  212.315368][ T7822]  iter_file_splice_write+0x7d1/0xbe0
[  212.315383][ T7822]  ? atime_needs_update+0x5f0/0x5f0
[  212.315404][ T7822]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  212.315429][ T7822]  ? rw_verify_area+0x118/0x360
[  212.315444][ T7822]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  212.315464][ T7822]  direct_splice_actor+0x126/0x1a0
[  212.324484][ T3874] kobject: 'loop3' (000000000638ee3d): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  212.341388][ T7822]  splice_direct_to_actor+0x369/0x970
[  212.341404][ T7822]  ? generic_pipe_buf_nosteal+0x10/0x10
[  212.341422][ T7822]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  212.341436][ T7822]  ? do_splice_to+0x190/0x190
[  212.341452][ T7822]  ? rw_verify_area+0x118/0x360
[  212.341473][ T7822]  do_splice_direct+0x1da/0x2a0
[  212.355132][ T7790] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  212.355563][ T7822]  ? splice_direct_to_actor+0x970/0x970
[  212.355584][ T7822]  ? rw_verify_area+0x118/0x360
[  212.355600][ T7822]  do_sendfile+0x597/0xd00
[  212.355621][ T7822]  ? do_compat_pwritev64+0x1c0/0x1c0
[  212.375083][ T7790] CR2: 0000000001073478 CR3: 0000000086e91000 CR4: 00000000001406f0
[  212.379523][ T7822]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  212.379538][ T7822]  ? put_timespec64+0xda/0x140
[  212.379560][ T7822]  __x64_sys_sendfile64+0x1dd/0x220
[  212.379582][ T7822]  ? __ia32_sys_sendfile+0x230/0x230
[  212.390013][ T7790] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  212.396477][ T7822]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  212.396494][ T7822]  ? trace_hardirqs_off_caller+0x65/0x220
[  212.396508][ T7822]  ? trace_hardirqs_on+0x67/0x230
[  212.396525][ T7822]  do_syscall_64+0x103/0x610
[  212.396543][ T7822]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  212.396552][ T7822] RIP: 0033:0x457e29
[  212.396566][ T7822] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  212.396573][ T7822] RSP: 002b:00007f8e30d0ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  212.396586][ T7822] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  212.396601][ T7822] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  212.408204][ T7790] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  212.411144][ T7822] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000
[  212.411153][ T7822] R10: 0000000102000000 R11: 0000000000000246 R12: 00007f8e30d0b6d4
[  212.411162][ T7822] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  212.411174][ T7822] Modules linked in:
[  212.424728][ T7822] ---[ end trace 0ac87c4d8958747c ]---
[  212.428609][ T3874] kobject: 'loop5' (00000000da031a22): kobject_uevent_env
[  212.452951][ T7822] RIP: 0010:generic_pipe_buf_release+0x120/0x160
[  212.461678][ T3874] kobject: 'loop5' (00000000da031a22): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  212.468322][ T7822] Code: bd ff 4c 89 e7 e8 60 44 db ff e8 9b 28 bd ff 5b 41 5c 41 5d 5d c3 e8 8f 28 bd ff 48 c7 c6 e0 97 75 87 4c 89 e7 e8 90 dc e4 ff <0f> 0b e8 79 28 bd ff 4d 8d 65 ff e9 3d ff ff ff 48 89 df e8 58 f9
[  212.479756][ T3874] kobject: 'loop1' (00000000d57020ce): kobject_uevent_env
[  212.491183][ T7822] RSP: 0018:ffff88805b53f920 EFLAGS: 00010246
[  212.491604][ T3874] kobject: 'loop1' (00000000d57020ce): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  212.498763][ T7822] RAX: 0000000000040000 RBX: ffffea0002303034 RCX: ffffc9000e63f000
[  212.505590][ T7790] Kernel panic - not syncing: Fatal exception
[  212.509124][ T7822] RDX: 0000000000040000 RSI: ffffffff81981a22 RDI: ffffea0002303038
[  212.513366][ T7790] Kernel Offset: disabled
[  212.786102][ T7790] Rebooting in 86400 seconds..