[info] Using makefile-style concurrent boot in runlevel 2. [ 45.494130][ T26] audit: type=1800 audit(1575428212.636:21): pid=7406 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 45.517325][ T26] audit: type=1800 audit(1575428212.636:22): pid=7406 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2019/12/04 02:57:02 fuzzer started 2019/12/04 02:57:03 dialing manager at 10.128.0.105:44523 2019/12/04 02:57:04 syscalls: 2684 2019/12/04 02:57:04 code coverage: enabled 2019/12/04 02:57:04 comparison tracing: enabled 2019/12/04 02:57:04 extra coverage: extra coverage is not supported by the kernel 2019/12/04 02:57:04 setuid sandbox: enabled 2019/12/04 02:57:04 namespace sandbox: enabled 2019/12/04 02:57:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/04 02:57:04 fault injection: enabled 2019/12/04 02:57:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/04 02:57:04 net packet injection: enabled 2019/12/04 02:57:04 net device setup: enabled 2019/12/04 02:57:04 concurrency sanitizer: enabled 2019/12/04 02:57:04 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 62.858857][ T7573] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/04 02:57:15 adding functions to KCSAN blacklist: 'echo_char' 'audit_log_start' 'ext4_mark_iloc_dirty' 'ktime_get_real_seconds' 'atime_needs_update' 'tick_sched_do_timer' 'rcu_gp_fqs_check_wake' 'xas_clear_mark' 'copy_process' 'ep_poll' 'do_syslog' 'generic_fillattr' 'tcp_add_backlog' 'pcpu_alloc' 'rcu_gp_fqs_loop' 'mem_cgroup_select_victim_node' 'tick_nohz_idle_stop_tick' 'lruvec_lru_size' 'ext4_has_free_clusters' 'ext4_free_inode' 'find_get_pages_range_tag' '__add_to_page_cache_locked' 'find_alive_thread' 'complete_signal' 'vm_area_dup' 'tomoyo_check_path_acl' 'commit_echoes' 'pipe_poll' 'find_next_bit' 'dd_has_work' '__snd_rawmidi_transmit_ack' 'blk_mq_run_hw_queue' 'do_nanosleep' 'tomoyo_supervisor' 'skb_dequeue' 'kauditd_thread' 'taskstats_exit' 'mm_update_next_owner' 'futex_wait_queue_me' 'd_delete' '__ext4_new_inode' 'poll_schedule_timeout' 'common_perm_cond' 'evict' 'ext4_da_write_end' '__hrtimer_run_queues' 'blk_mq_sched_dispatch_requests' 'bio_endio' 'pid_update_inode' 'ip_finish_output2' '__get_user_pages' 'tick_do_update_jiffies64' 'add_timer' 'do_exit' 'del_timer' 'run_timer_softirq' 'timer_clear_idle' 'ext4_mb_good_group' 'blk_mq_dispatch_rq_list' 'do_signal_stop' 'n_tty_receive_buf_common' 'list_lru_count_one' 'process_srcu' 'ext4_free_inodes_count' 'ext4_mb_find_by_goal' 'ext4_nonda_switch' 'pipe_wait' 'xas_find_marked' 'dccp_fin' 'generic_write_end' 'mod_timer' 'wbt_issue' 'p9_poll_workfn' 'sit_tunnel_xmit' '__mark_inode_dirty' 'wbt_done' 'blk_mq_get_request' 03:00:50 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000380)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000003c0)={{0x20}}) [ 283.081782][ T7577] IPVS: ftp: loaded support on port[0] = 21 03:00:50 executing program 1: r0 = socket(0x1e, 0x5, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000), 0x1e6}], 0x1038) r1 = socket(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000000), 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)=@tipc=@id={0x1e, 0x3, 0x0, {0x0, 0x4}}, 0x80, 0x0}, 0x0) sendmmsg(r0, &(0x7f0000000080), 0x1c0, 0x0) [ 283.176859][ T7577] chnl_net:caif_netlink_parms(): no params data found [ 283.237236][ T7577] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.244381][ T7577] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.252115][ T7577] device bridge_slave_0 entered promiscuous mode [ 283.266792][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.273894][ T7577] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.281817][ T7577] device bridge_slave_1 entered promiscuous mode [ 283.300770][ T7577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 283.311354][ T7577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 283.315292][ T7580] IPVS: ftp: loaded support on port[0] = 21 [ 283.330969][ T7577] team0: Port device team_slave_0 added [ 283.338339][ T7577] team0: Port device team_slave_1 added 03:00:50 executing program 2: r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f0000000040)="135adae8b0ad3d8d3db2c74e6a0a899915f69e7c30ae1767eeceedc08ec677daae714062e84b7bbfbcccb82089", 0x2d}], 0x1) [ 283.418564][ T7577] device hsr_slave_0 entered promiscuous mode [ 283.447583][ T7577] device hsr_slave_1 entered promiscuous mode [ 283.569373][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.576483][ T7577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.583825][ T7577] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.590889][ T7577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.819789][ T7580] chnl_net:caif_netlink_parms(): no params data found [ 283.823426][ T7602] IPVS: ftp: loaded support on port[0] = 21 [ 283.938842][ T7580] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.946514][ T7580] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.976984][ T7580] device bridge_slave_0 entered promiscuous mode [ 284.015592][ T7577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.057387][ T7580] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.064447][ T7580] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.108084][ T7580] device bridge_slave_1 entered promiscuous mode 03:00:51 executing program 3: mkdir(&(0x7f0000000180)='./file1\x00', 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f00000005c0)=ANY=[@ANYBLOB="2ec5b50cfe46652f52338a5159c49495f302c765158037ee5dae4e632e63164f3d137edc70768782886ae65f4d501d809792f7d59d20dde6d02d766de382fa87b451b9c84de5c9850370d2957fdc7d15bb26fe3c063d00218b2de91abfb8f5ad1debb3907e5fbcf50936bdd2d80d63d6e7d741a6e9598e2d2ac41f2266979c6fe0c5af953259d9a5ba25ea1f330e38"], 0x1) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/btrfs-control\x00', 0x282140, 0x0) symlink(&(0x7f00000000c0)='./file1/file0\x00', &(0x7f0000000100)='./file1/file0\x00') r1 = open$dir(&(0x7f0000000300)='./file1\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(r1, &(0x7f0000000380)='./file1/file0\x00', 0x0) renameat2(r1, &(0x7f0000000000)='./file1/file0\x00', r1, &(0x7f00000001c0)='./file0\x00', 0x2) [ 284.163339][ T7577] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.202350][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 284.216994][ T7606] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.256195][ T7606] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.298188][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 284.337926][ T7580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.388447][ T7580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.427058][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 284.435867][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 284.476551][ T7606] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.483633][ T7606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.553089][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 284.577079][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 284.616412][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.623528][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.656612][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 284.694920][ T7610] IPVS: ftp: loaded support on port[0] = 21 [ 284.713151][ T7580] team0: Port device team_slave_0 added [ 284.720037][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 284.737408][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 284.776706][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 284.807646][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 284.836694][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 284.859316][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 284.897173][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 284.927635][ T7577] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 03:00:52 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000400)=ANY=[@ANYBLOB="0600080000100000b31fc10ffaaf041d3bd675bdf94df5a94f091db98e83bc69aacfd7924cd18c94f136"]) r1 = syz_open_procfs(0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000001480)) r2 = getpgid(0xffffffffffffffff) getpgid(r2) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) fdatasync(r3) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') socket$inet6(0xa, 0x3, 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000d2c000/0x3000)=nil, 0x3000, &(0x7f0000000480)=""/4096) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f000064b000/0x3000)=nil) munlockall() r4 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f0000001a40), 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) socket(0xa, 0x1, 0x0) write$P9_RFLUSH(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x48, &(0x7f0000000180)=0x7fc, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x48, &(0x7f0000000180), 0x4) dup3(r5, 0xffffffffffffffff, 0x40000) getpeername(0xffffffffffffffff, &(0x7f0000005400)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000005480)=0x80) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000001a80)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000001600)=0x18c) ioctl$TIOCLINUX7(r3, 0x541c, &(0x7f0000000240)={0x7, 0x5}) [ 284.963857][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 284.973730][ T7580] team0: Port device team_slave_1 added [ 284.994464][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 285.017761][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 285.026806][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 285.066345][ T7577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 285.079163][ T7602] chnl_net:caif_netlink_parms(): no params data found [ 285.103085][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 285.116685][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 03:00:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x3, 0x0, @loopback}, 0x1c) recvfrom$inet6(r2, &(0x7f0000000300)=""/223, 0xdf, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000159000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10) close(r2) [ 285.238380][ T7580] device hsr_slave_0 entered promiscuous mode [ 285.286318][ T7580] device hsr_slave_1 entered promiscuous mode [ 285.326485][ T7580] debugfs: Directory 'hsr0' with parent '/' already present! [ 285.342152][ T7602] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.356105][ T7602] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.363996][ T7602] device bridge_slave_0 entered promiscuous mode [ 285.392986][ T7624] IPVS: ftp: loaded support on port[0] = 21 [ 285.417594][ T7602] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.424718][ T7602] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.433872][ T7602] device bridge_slave_1 entered promiscuous mode [ 285.515420][ T7602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.558160][ T7628] IPVS: ftp: loaded support on port[0] = 21 [ 285.610931][ T7602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.720799][ T7602] team0: Port device team_slave_0 added [ 285.781014][ T7610] chnl_net:caif_netlink_parms(): no params data found [ 285.792211][ T7602] team0: Port device team_slave_1 added 03:00:52 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)={0x0, 0x0, 0x0, @stepwise}) [ 285.827670][ T7580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.911443][ T7624] chnl_net:caif_netlink_parms(): no params data found [ 285.998316][ T7602] device hsr_slave_0 entered promiscuous mode [ 286.026451][ T7602] device hsr_slave_1 entered promiscuous mode 03:00:53 executing program 0: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 286.056448][ T7602] debugfs: Directory 'hsr0' with parent '/' already present! [ 286.072404][ T7610] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.096138][ T7610] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.122928][ T7610] device bridge_slave_0 entered promiscuous mode [ 286.174778][ T7580] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.233181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 286.250084][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.280912][ T7610] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.294795][ T7610] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.330624][ T7610] device bridge_slave_1 entered promiscuous mode [ 286.412139][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 286.435102][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.486676][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.493844][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state 03:00:53 executing program 0: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 286.573546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 286.606595][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.649025][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.656116][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.729220][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 286.763793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 286.816191][ T7624] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.823373][ T7624] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.867801][ T7624] device bridge_slave_0 entered promiscuous mode [ 286.924626][ T7580] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 286.975462][ T7580] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 287.034634][ T7610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 287.081139][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 287.127068][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 287.135561][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 03:00:54 executing program 0: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 287.197776][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 287.276910][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 287.285684][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 287.365888][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.410844][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 287.449747][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.494480][ T7624] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.512099][ T7624] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.560732][ T7624] device bridge_slave_1 entered promiscuous mode [ 287.610887][ T7610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 03:00:54 executing program 0: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 287.688518][ T7610] team0: Port device team_slave_0 added [ 287.694670][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 287.726998][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 287.753929][ T7580] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.822958][ T7628] chnl_net:caif_netlink_parms(): no params data found [ 287.880777][ T7610] team0: Port device team_slave_1 added [ 287.887097][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 287.896995][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 287.915945][ T7624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 287.991402][ T7628] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.006223][ T7628] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.014169][ T7628] device bridge_slave_0 entered promiscuous mode [ 288.047570][ T7628] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.054712][ T7628] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.087065][ T7628] device bridge_slave_1 entered promiscuous mode [ 288.107722][ T7624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 03:00:55 executing program 0: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 288.201243][ T7602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.235094][ T7628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.341018][ T7610] device hsr_slave_0 entered promiscuous mode [ 288.386314][ T7610] device hsr_slave_1 entered promiscuous mode [ 288.426063][ T7610] debugfs: Directory 'hsr0' with parent '/' already present! [ 288.444364][ T7602] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.453247][ T7628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.472672][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 288.483934][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 288.510315][ T7624] team0: Port device team_slave_0 added [ 288.530988][ T7628] team0: Port device team_slave_0 added [ 288.545014][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 03:00:55 executing program 1: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xd9f, 0x4, {0x1, @win={{}, 0x0, 0x9, 0x0, 0x0, 0x0}}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x5, 0x1, 0x1}) [ 288.563315][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 288.573626][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.580755][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.598901][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 288.614495][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 288.623574][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.630737][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.662310][ T7624] team0: Port device team_slave_1 added [ 288.671784][ T7628] team0: Port device team_slave_1 added 03:00:55 executing program 0: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 288.730368][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 288.753328][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 288.775560][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 288.800293][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 288.823794][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 288.834061][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 288.847421][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 288.861250][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 288.872292][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 288.887285][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 288.895797][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 288.961323][ T7628] device hsr_slave_0 entered promiscuous mode [ 289.039467][ T7628] device hsr_slave_1 entered promiscuous mode [ 289.059270][ T7628] debugfs: Directory 'hsr0' with parent '/' already present! [ 289.072473][ T7602] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 289.096756][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 289.128582][ T7624] device hsr_slave_0 entered promiscuous mode [ 289.159332][ T7624] device hsr_slave_1 entered promiscuous mode [ 289.186069][ T7624] debugfs: Directory 'hsr0' with parent '/' already present! [ 289.316603][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 289.324116][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 289.377002][ T7602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.404097][ T7610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.509673][ T7610] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.551070][ T7762] ================================================================== [ 289.559208][ T7762] BUG: KCSAN: data-race in alloc_empty_file / percpu_counter_add_batch [ 289.567432][ T7762] [ 289.569760][ T7762] write to 0xffffffff85a08548 of 8 bytes by task 7774 on cpu 1: [ 289.577395][ T7762] percpu_counter_add_batch+0xca/0x150 [ 289.582861][ T7762] alloc_empty_file+0xd2/0x180 [ 289.587629][ T7762] path_openat+0x74/0x36e0 [ 289.592048][ T7762] do_filp_open+0x11e/0x1b0 [ 289.596558][ T7762] do_sys_open+0x3b3/0x4f0 [ 289.600973][ T7762] __x64_sys_open+0x55/0x70 [ 289.605562][ T7762] do_syscall_64+0xcc/0x370 [ 289.610072][ T7762] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.615947][ T7762] [ 289.618276][ T7762] read to 0xffffffff85a08548 of 8 bytes by task 7762 on cpu 0: [ 289.625828][ T7762] alloc_empty_file+0x2d/0x180 [ 289.630593][ T7762] path_openat+0x74/0x36e0 [ 289.635099][ T7762] do_filp_open+0x11e/0x1b0 [ 289.639609][ T7762] do_sys_open+0x3b3/0x4f0 [ 289.644028][ T7762] __x64_sys_open+0x55/0x70 [ 289.648533][ T7762] do_syscall_64+0xcc/0x370 [ 289.653042][ T7762] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.658919][ T7762] [ 289.661237][ T7762] Reported by Kernel Concurrency Sanitizer on: [ 289.667390][ T7762] CPU: 0 PID: 7762 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 289.674592][ T7762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.684736][ T7762] ================================================================== [ 289.692810][ T7762] Kernel panic - not syncing: panic_on_warn set ... [ 289.699430][ T7762] CPU: 0 PID: 7762 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 289.706614][ T7762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.716673][ T7762] Call Trace: [ 289.719973][ T7762] dump_stack+0x11d/0x181 [ 289.724302][ T7762] panic+0x210/0x640 [ 289.728195][ T7762] ? vprintk_func+0x8d/0x140 [ 289.732792][ T7762] kcsan_report.cold+0xc/0xd [ 289.737390][ T7762] kcsan_setup_watchpoint+0x3fe/0x460 [ 289.742762][ T7762] __tsan_read8+0xc6/0x100 [ 289.747175][ T7762] alloc_empty_file+0x2d/0x180 [ 289.751948][ T7762] path_openat+0x74/0x36e0 [ 289.756373][ T7762] ? __read_once_size.constprop.0+0x12/0x20 [ 289.762273][ T7762] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.768544][ T7762] ? __virt_addr_valid+0x126/0x190 [ 289.773677][ T7762] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.779917][ T7762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.786164][ T7762] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 289.792057][ T7762] ? __read_once_size+0x41/0xe0 [ 289.796906][ T7762] do_filp_open+0x11e/0x1b0 [ 289.801435][ T7762] ? __check_object_size+0x5f/0x346 [ 289.806633][ T7762] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 289.812538][ T7762] ? __alloc_fd+0x2ef/0x3b0 [ 289.817059][ T7762] do_sys_open+0x3b3/0x4f0 [ 289.821483][ T7762] __x64_sys_open+0x55/0x70 [ 289.825986][ T7762] do_syscall_64+0xcc/0x370 [ 289.830497][ T7762] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.836389][ T7762] RIP: 0033:0x7fa7959e1120 [ 289.840814][ T7762] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 289.860414][ T7762] RSP: 002b:00007fff894a5588 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 289.868818][ T7762] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007fa7959e1120 [ 289.876781][ T7762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fa795eafd00 [ 289.884748][ T7762] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007fa795ca957b [ 289.892724][ T7762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa795eaed00 [ 289.900688][ T7762] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000 [ 289.910226][ T7762] Kernel Offset: disabled [ 289.914573][ T7762] Rebooting in 86400 seconds..