[ 55.315988][ T26] audit: type=1800 audit(1572485974.853:25): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.335981][ T26] audit: type=1800 audit(1572485974.853:26): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.382325][ T26] audit: type=1800 audit(1572485974.853:27): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 55.932018][ T8663] sshd (8663) used greatest stack depth: 22888 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts. 2019/10/31 01:39:43 fuzzer started 2019/10/31 01:39:45 dialing manager at 10.128.0.26:32889 2019/10/31 01:39:45 syscalls: 2541 2019/10/31 01:39:45 code coverage: enabled 2019/10/31 01:39:45 comparison tracing: enabled 2019/10/31 01:39:45 extra coverage: extra coverage is not supported by the kernel 2019/10/31 01:39:45 setuid sandbox: enabled 2019/10/31 01:39:45 namespace sandbox: enabled 2019/10/31 01:39:45 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/31 01:39:45 fault injection: enabled 2019/10/31 01:39:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/31 01:39:45 net packet injection: enabled 2019/10/31 01:39:45 net device setup: enabled 2019/10/31 01:39:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 01:41:35 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f00000000c0)=[{0x0, 0x0, 0x400}], 0x0, 0x0) 01:41:35 executing program 1: openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) bind$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x0, 0x0, 0x0, 0x7, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23}, 0x10) ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000000)={0x0, 0x9, 0x9253, 0x6, 0x8, 0x5}) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x80004, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x4000010000000013, &(0x7f0000000040)=0x1, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e23}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @loopback}, 0x10) r1 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x400000004e21, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e23, @loopback}, 0x10) connect$inet(r0, &(0x7f0000000340)={0x2, 0x4e21, @loopback}, 0x10) syzkaller login: [ 175.808844][ T8763] IPVS: ftp: loaded support on port[0] = 21 01:41:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000580), 0x1000019e) mkdir(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet6(0xa, 0x2, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup2(r1, 0xffffffffffffffff) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000180)=0x5d1, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r4, &(0x7f0000008880), 0x75d, 0x44000122, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)) [ 175.996985][ T8765] IPVS: ftp: loaded support on port[0] = 21 [ 176.059811][ T8763] chnl_net:caif_netlink_parms(): no params data found [ 176.147222][ T8763] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.155302][ T8763] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.163970][ T8763] device bridge_slave_0 entered promiscuous mode [ 176.173351][ T8763] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.180458][ T8763] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.189601][ T8763] device bridge_slave_1 entered promiscuous mode 01:41:35 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000280)={0x5, 0x10, 0xfa00, {0x0}}, 0x18) [ 176.224745][ T8768] IPVS: ftp: loaded support on port[0] = 21 [ 176.230984][ T8763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.254543][ T8763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.310976][ T8763] team0: Port device team_slave_0 added [ 176.339239][ T8763] team0: Port device team_slave_1 added 01:41:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x7ffff, &(0x7f0000000080)={@local, @local, [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x21c, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply={0xffffff83, 0xa}}}}}, &(0x7f0000000040)) [ 176.527004][ T8763] device hsr_slave_0 entered promiscuous mode 01:41:36 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x800000007}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) [ 176.683368][ T8763] device hsr_slave_1 entered promiscuous mode [ 176.748162][ T8765] chnl_net:caif_netlink_parms(): no params data found [ 176.770760][ T8773] IPVS: ftp: loaded support on port[0] = 21 [ 176.787010][ T8771] IPVS: ftp: loaded support on port[0] = 21 [ 176.851902][ T8768] chnl_net:caif_netlink_parms(): no params data found [ 176.888457][ T8775] IPVS: ftp: loaded support on port[0] = 21 [ 176.937431][ T8765] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.944621][ T8765] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.952185][ T8765] device bridge_slave_0 entered promiscuous mode [ 176.965147][ T8765] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.972282][ T8765] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.980359][ T8765] device bridge_slave_1 entered promiscuous mode [ 176.995727][ T8768] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.003118][ T8768] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.011299][ T8768] device bridge_slave_0 entered promiscuous mode [ 177.021231][ T8768] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.028318][ T8768] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.036378][ T8768] device bridge_slave_1 entered promiscuous mode [ 177.095394][ T8765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.119764][ T8768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.132989][ T8765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.167439][ T8768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.268438][ T8765] team0: Port device team_slave_0 added [ 177.278453][ T8768] team0: Port device team_slave_0 added [ 177.286112][ T8768] team0: Port device team_slave_1 added [ 177.306459][ T8765] team0: Port device team_slave_1 added [ 177.331427][ T8775] chnl_net:caif_netlink_parms(): no params data found [ 177.360605][ T8771] chnl_net:caif_netlink_parms(): no params data found [ 177.446140][ T8765] device hsr_slave_0 entered promiscuous mode [ 177.483272][ T8765] device hsr_slave_1 entered promiscuous mode [ 177.523101][ T8765] debugfs: Directory 'hsr0' with parent '/' already present! [ 177.575379][ T8768] device hsr_slave_0 entered promiscuous mode [ 177.613313][ T8768] device hsr_slave_1 entered promiscuous mode [ 177.653012][ T8768] debugfs: Directory 'hsr0' with parent '/' already present! [ 177.682358][ T8775] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.690040][ T8775] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.697955][ T8775] device bridge_slave_0 entered promiscuous mode [ 177.717413][ T8763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.738194][ T8773] chnl_net:caif_netlink_parms(): no params data found [ 177.748771][ T8775] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.756072][ T8775] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.764383][ T8775] device bridge_slave_1 entered promiscuous mode [ 177.809002][ T8775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.827175][ T8771] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.834653][ T8771] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.842421][ T8771] device bridge_slave_0 entered promiscuous mode [ 177.863819][ T8775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.887496][ T8771] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.897497][ T8771] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.906074][ T8771] device bridge_slave_1 entered promiscuous mode [ 177.939983][ T8773] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.948526][ T8773] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.956515][ T8773] device bridge_slave_0 entered promiscuous mode [ 177.968076][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.977217][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.005540][ T8773] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.012712][ T8773] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.021498][ T8773] device bridge_slave_1 entered promiscuous mode [ 178.036472][ T8763] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.046125][ T8771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.071686][ T8775] team0: Port device team_slave_0 added [ 178.079443][ T8775] team0: Port device team_slave_1 added [ 178.098744][ T8771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.117393][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.127142][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.136170][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.143644][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.152379][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.161399][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.169975][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.177190][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.184873][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.210574][ T8773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.237774][ T8773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.249135][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.260485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.304993][ T8775] device hsr_slave_0 entered promiscuous mode [ 178.353200][ T8775] device hsr_slave_1 entered promiscuous mode [ 178.423209][ T8775] debugfs: Directory 'hsr0' with parent '/' already present! [ 178.460210][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.469160][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.477983][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.488368][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.497618][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.506346][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.515166][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.523741][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.545900][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.557673][ T8763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.573997][ T8771] team0: Port device team_slave_0 added [ 178.589292][ T8768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.619676][ T8771] team0: Port device team_slave_1 added [ 178.627603][ T8773] team0: Port device team_slave_0 added [ 178.653225][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.660947][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.683424][ T8765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.692235][ T8763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.701823][ T8773] team0: Port device team_slave_1 added [ 178.718864][ T8768] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.785130][ T8771] device hsr_slave_0 entered promiscuous mode [ 178.853308][ T8771] device hsr_slave_1 entered promiscuous mode [ 178.903166][ T8771] debugfs: Directory 'hsr0' with parent '/' already present! [ 178.912546][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.920441][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.930616][ T8765] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.016115][ T8773] device hsr_slave_0 entered promiscuous mode [ 179.073219][ T8773] device hsr_slave_1 entered promiscuous mode [ 179.122916][ T8773] debugfs: Directory 'hsr0' with parent '/' already present! [ 179.163801][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.179351][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.200739][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.207910][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.217918][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.226739][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.235344][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.242384][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.250365][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.258931][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.267576][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.275993][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.283119][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.290664][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.300050][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.308477][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.315580][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.323796][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.332349][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.341010][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.349533][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.359914][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.367845][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.378111][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.387183][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.432468][ T8765] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.443693][ T8765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 01:41:39 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0), 0x4) [ 179.473573][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.482112][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.497986][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.506736][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.517511][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.527104][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.535849][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.544715][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.553365][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.561941][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.570716][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.580183][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.590589][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.599152][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 01:41:39 executing program 0: [ 179.622061][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.630118][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.681790][ T8768] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.708320][ T8765] 8021q: adding VLAN 0 to HW filter on device batadv0 01:41:39 executing program 0: 01:41:39 executing program 0: [ 179.834403][ T8775] 8021q: adding VLAN 0 to HW filter on device bond0 01:41:39 executing program 0: [ 179.901200][ T8768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.917633][ T8775] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.963733][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.971556][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:41:39 executing program 0: [ 180.034666][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.050741][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 01:41:39 executing program 0: [ 180.083293][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.090393][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.107290][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.116300][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.139472][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.146680][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.172367][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.181111][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.190747][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.269496][ T8773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.307424][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 01:41:39 executing program 1: [ 180.325743][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.354925][ T8771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.376214][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.387876][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.414579][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.431130][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.440477][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 01:41:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000580), 0x1000019e) mkdir(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet6(0xa, 0x2, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup2(r1, 0xffffffffffffffff) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000180)=0x5d1, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r4, &(0x7f0000008880), 0x75d, 0x44000122, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)) [ 180.510906][ T8771] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.560596][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.568780][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.585994][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.595027][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.613982][ T8775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.631436][ T8773] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.639177][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.647688][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.655749][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.664846][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.675300][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.682533][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.692254][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.703064][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.712385][ T3022] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.719628][ T3022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.728719][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.789637][ T8775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.799234][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.809680][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.820387][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.829376][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.836494][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.846851][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.857360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.866809][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.875274][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.882426][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.891619][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.899594][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.908332][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.922498][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.931256][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.963830][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.972647][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.981838][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.992025][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.000365][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.009208][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.017596][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.026002][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.034940][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.043496][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.051983][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.060885][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.069268][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.080727][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.094424][ T8773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 181.106283][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.128509][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.144913][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.159133][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.184313][ T8773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.200602][ T8771] 8021q: adding VLAN 0 to HW filter on device batadv0 01:41:41 executing program 3: 01:41:41 executing program 4: 01:41:41 executing program 0: 01:41:41 executing program 1: 01:41:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000580), 0x1000019e) mkdir(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet6(0xa, 0x2, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup2(r1, 0xffffffffffffffff) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000180)=0x5d1, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r4, &(0x7f0000008880), 0x75d, 0x44000122, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)) 01:41:41 executing program 5: 01:41:41 executing program 3: 01:41:41 executing program 0: 01:41:41 executing program 5: 01:41:41 executing program 1: 01:41:41 executing program 2: [ 181.658826][ T8879] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 01:41:41 executing program 3: 01:41:41 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto(r0, &(0x7f0000000200)='`', 0x1, 0x1, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendto$inet(r0, &(0x7f00000012c0)="03", 0x1, 0x40849, 0x0, 0x0) 01:41:41 executing program 0: 01:41:41 executing program 5: 01:41:41 executing program 1: 01:41:41 executing program 0: 01:41:41 executing program 2: 01:41:41 executing program 3: 01:41:41 executing program 5: 01:41:41 executing program 4: 01:41:41 executing program 1: 01:41:41 executing program 2: 01:41:41 executing program 0: 01:41:41 executing program 3: 01:41:41 executing program 4: 01:41:41 executing program 5: 01:41:41 executing program 1: 01:41:41 executing program 2: 01:41:41 executing program 0: 01:41:41 executing program 3: 01:41:41 executing program 4: 01:41:42 executing program 5: 01:41:42 executing program 1: 01:41:42 executing program 2: 01:41:42 executing program 3: 01:41:42 executing program 4: 01:41:42 executing program 1: 01:41:42 executing program 2: 01:41:42 executing program 0: 01:41:42 executing program 4: 01:41:42 executing program 5: 01:41:42 executing program 3: 01:41:42 executing program 1: 01:41:42 executing program 0: 01:41:42 executing program 2: 01:41:42 executing program 5: 01:41:42 executing program 4: 01:41:42 executing program 3: unshare(0x20000400) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0045405, 0x0) 01:41:42 executing program 1: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) readv(0xffffffffffffffff, &(0x7f0000002340)=[{0x0}], 0x1) readv(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') syz_open_pts(r2, 0x100) getpriority(0x0, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) 01:41:42 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) r1 = io_uring_setup(0xa4, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000280)=[r0], 0x1) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) 01:41:42 executing program 2: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x1f1}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x7a) 01:41:42 executing program 4: unshare(0x20000400) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) 01:41:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000400)='devpts\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 01:41:42 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)) syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') syz_open_pts(r1, 0x0) getpriority(0x0, 0x0) write(r0, &(0x7f00000001c0), 0xfffffef3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 183.335700][ C1] hrtimer: interrupt took 27947 ns 01:41:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x1f1}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x7a) 01:41:43 executing program 4: unshare(0x20000400) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000000180)=""/109, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/97, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000480)=ANY=[]) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000006c0)=0x5) [ 183.594753][ T8989] ================================================================== [ 183.603208][ T8989] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 183.610505][ T8989] Write of size 8 at addr 0000000000000004 by task syz-executor.0/8989 [ 183.618747][ T8989] [ 183.621090][ T8989] CPU: 0 PID: 8989 Comm: syz-executor.0 Not tainted 5.4.0-rc5-next-20191030 #0 [ 183.630228][ T8989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.640315][ T8989] Call Trace: [ 183.643629][ T8989] dump_stack+0x172/0x1f0 [ 183.647977][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 183.653008][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 183.658110][ T8989] __kasan_report.cold+0x5/0x41 [ 183.662979][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 183.667930][ T8989] kasan_report+0x12/0x20 [ 183.672270][ T8989] check_memory_region+0x134/0x1a0 [ 183.677390][ T8989] __kasan_check_write+0x14/0x20 [ 183.682338][ T8989] io_wq_cancel_all+0x28/0x2a0 [ 183.687116][ T8989] io_uring_flush+0x35a/0x4e0 [ 183.691807][ T8989] ? exit_sem+0x9a4/0x1d89 [ 183.696236][ T8989] ? io_wake_function+0x260/0x260 [ 183.701267][ T8989] ? exit_files+0x7b/0xb0 [ 183.705607][ T8989] ? finish_wait+0x260/0x260 [ 183.710199][ T8989] ? exit_files+0x7b/0xb0 [ 183.714552][ T8989] ? io_wake_function+0x260/0x260 [ 183.719591][ T8989] filp_close+0xbd/0x170 [ 183.723862][ T8989] put_files_struct+0x1d7/0x2f0 [ 183.728732][ T8989] exit_files+0x83/0xb0 [ 183.732907][ T8989] do_exit+0x8d2/0x2e60 [ 183.737084][ T8989] ? mm_update_next_owner+0x640/0x640 [ 183.742592][ T8989] ? lock_downgrade+0x920/0x920 [ 183.747539][ T8989] ? _raw_spin_unlock_irq+0x23/0x80 [ 183.752903][ T8989] ? get_signal+0x392/0x24f0 [ 183.757505][ T8989] ? _raw_spin_unlock_irq+0x23/0x80 [ 183.762721][ T8989] do_group_exit+0x135/0x360 [ 183.767329][ T8989] get_signal+0x47c/0x24f0 [ 183.771771][ T8989] ? lock_downgrade+0x920/0x920 [ 183.776650][ T8989] do_signal+0x87/0x1700 [ 183.781038][ T8989] ? __kasan_check_read+0x11/0x20 [ 183.786218][ T8989] ? _copy_to_user+0x118/0x160 01:41:43 executing program 5: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x1f1}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x7a) [ 183.791095][ T8989] ? setup_sigcontext+0x7d0/0x7d0 [ 183.796310][ T8989] ? exit_to_usermode_loop+0x43/0x380 [ 183.801702][ T8989] ? do_syscall_64+0x65f/0x760 [ 183.806681][ T8989] ? exit_to_usermode_loop+0x43/0x380 [ 183.812061][ T8989] ? lockdep_hardirqs_on+0x421/0x5e0 [ 183.817587][ T8989] ? trace_hardirqs_on+0x67/0x240 [ 183.817615][ T8989] exit_to_usermode_loop+0x286/0x380 [ 183.817632][ T8989] do_syscall_64+0x65f/0x760 [ 183.817651][ T8989] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.817662][ T8989] RIP: 0033:0x459f49 [ 183.817675][ T8989] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.817681][ T8989] RSP: 002b:00007fe3b437bcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 183.817693][ T8989] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f49 [ 183.817700][ T8989] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 183.817707][ T8989] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 183.817716][ T8989] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 183.817725][ T8989] R13: 00007fffb468861f R14: 00007fe3b437c9c0 R15: 000000000075bfd4 [ 183.817744][ T8989] ================================================================== [ 183.817747][ T8989] Disabling lock debugging due to kernel taint [ 183.858412][ T8989] Kernel panic - not syncing: panic_on_warn set ... [ 183.932641][ T8989] CPU: 0 PID: 8989 Comm: syz-executor.0 Tainted: G B 5.4.0-rc5-next-20191030 #0 [ 183.943037][ T8989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.953210][ T8989] Call Trace: [ 183.956507][ T8989] dump_stack+0x172/0x1f0 [ 183.960875][ T8989] panic+0x2e3/0x75c [ 183.964767][ T8989] ? add_taint.cold+0x16/0x16 [ 183.969434][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 183.974423][ T8989] ? preempt_schedule+0x4b/0x60 [ 183.979275][ T8989] ? ___preempt_schedule+0x16/0x18 [ 183.984422][ T8989] ? trace_hardirqs_on+0x5e/0x240 [ 183.989871][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 183.994799][ T8989] end_report+0x47/0x4f [ 183.998951][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 184.003939][ T8989] __kasan_report.cold+0xe/0x41 [ 184.008782][ T8989] ? io_wq_cancel_all+0x28/0x2a0 [ 184.013856][ T8989] kasan_report+0x12/0x20 [ 184.018173][ T8989] check_memory_region+0x134/0x1a0 [ 184.023274][ T8989] __kasan_check_write+0x14/0x20 [ 184.028203][ T8989] io_wq_cancel_all+0x28/0x2a0 [ 184.033094][ T8989] io_uring_flush+0x35a/0x4e0 [ 184.037762][ T8989] ? exit_sem+0x9a4/0x1d89 [ 184.042168][ T8989] ? io_wake_function+0x260/0x260 [ 184.047182][ T8989] ? exit_files+0x7b/0xb0 [ 184.051622][ T8989] ? finish_wait+0x260/0x260 [ 184.056208][ T8989] ? exit_files+0x7b/0xb0 [ 184.060538][ T8989] ? io_wake_function+0x260/0x260 [ 184.065557][ T8989] filp_close+0xbd/0x170 [ 184.069788][ T8989] put_files_struct+0x1d7/0x2f0 [ 184.074636][ T8989] exit_files+0x83/0xb0 [ 184.078784][ T8989] do_exit+0x8d2/0x2e60 [ 184.082929][ T8989] ? mm_update_next_owner+0x640/0x640 [ 184.088289][ T8989] ? lock_downgrade+0x920/0x920 [ 184.093281][ T8989] ? _raw_spin_unlock_irq+0x23/0x80 [ 184.098597][ T8989] ? get_signal+0x392/0x24f0 [ 184.103194][ T8989] ? _raw_spin_unlock_irq+0x23/0x80 [ 184.108571][ T8989] do_group_exit+0x135/0x360 [ 184.113172][ T8989] get_signal+0x47c/0x24f0 [ 184.117590][ T8989] ? lock_downgrade+0x920/0x920 [ 184.122445][ T8989] do_signal+0x87/0x1700 [ 184.126684][ T8989] ? __kasan_check_read+0x11/0x20 [ 184.131700][ T8989] ? _copy_to_user+0x118/0x160 [ 184.136543][ T8989] ? setup_sigcontext+0x7d0/0x7d0 [ 184.141565][ T8989] ? exit_to_usermode_loop+0x43/0x380 [ 184.146923][ T8989] ? do_syscall_64+0x65f/0x760 [ 184.151676][ T8989] ? exit_to_usermode_loop+0x43/0x380 [ 184.157049][ T8989] ? lockdep_hardirqs_on+0x421/0x5e0 [ 184.162445][ T8989] ? trace_hardirqs_on+0x67/0x240 [ 184.167462][ T8989] exit_to_usermode_loop+0x286/0x380 [ 184.172751][ T8989] do_syscall_64+0x65f/0x760 [ 184.177623][ T8989] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.183613][ T8989] RIP: 0033:0x459f49 [ 184.187509][ T8989] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.207217][ T8989] RSP: 002b:00007fe3b437bcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 184.215890][ T8989] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f49 [ 184.223930][ T8989] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 184.232208][ T8989] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 184.240263][ T8989] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 184.248440][ T8989] R13: 00007fffb468861f R14: 00007fe3b437c9c0 R15: 000000000075bfd4 [ 184.258150][ T8989] Kernel Offset: disabled [ 184.262487][ T8989] Rebooting in 86400 seconds..