[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 64.462652][ T26] audit: type=1800 audit(1575099817.379:25): pid=8966 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 64.497005][ T26] audit: type=1800 audit(1575099817.389:26): pid=8966 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 64.518738][ T26] audit: type=1800 audit(1575099817.389:27): pid=8966 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts. 2019/11/30 07:43:48 fuzzer started 2019/11/30 07:43:50 dialing manager at 10.128.0.26:36687 2019/11/30 07:43:50 syscalls: 2592 2019/11/30 07:43:50 code coverage: enabled 2019/11/30 07:43:50 comparison tracing: enabled 2019/11/30 07:43:50 extra coverage: enabled 2019/11/30 07:43:50 setuid sandbox: enabled 2019/11/30 07:43:50 namespace sandbox: enabled 2019/11/30 07:43:50 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/30 07:43:50 fault injection: enabled 2019/11/30 07:43:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/30 07:43:50 net packet injection: enabled 2019/11/30 07:43:50 net device setup: enabled 2019/11/30 07:43:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/30 07:43:50 devlink PCI setup: PCI device 0000:00:10.0 is not available 07:46:10 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x24}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) mremap(&(0x7f000090b000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 07:46:10 executing program 1: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) syzkaller login: [ 217.662994][ T9133] IPVS: ftp: loaded support on port[0] = 21 [ 217.852041][ T9133] chnl_net:caif_netlink_parms(): no params data found 07:46:10 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0x10128) recvmmsg(r1, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/48, 0x30}, {&(0x7f0000000680)=""/120, 0x78}, {&(0x7f0000000300)=""/230, 0xffffff6f}], 0x3}}], 0x1, 0x0, &(0x7f0000008bc0)) [ 217.898983][ T9133] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.907312][ T9133] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.915382][ T9133] device bridge_slave_0 entered promiscuous mode [ 217.926102][ T9133] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.934095][ T9133] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.958075][ T9133] device bridge_slave_1 entered promiscuous mode [ 218.013013][ T9136] IPVS: ftp: loaded support on port[0] = 21 [ 218.020139][ T9133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.050877][ T9133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.121926][ T9133] team0: Port device team_slave_0 added [ 218.152714][ T9133] team0: Port device team_slave_1 added [ 218.173072][ T9138] IPVS: ftp: loaded support on port[0] = 21 07:46:11 executing program 3: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) [ 218.240589][ T9133] device hsr_slave_0 entered promiscuous mode [ 218.287359][ T9133] device hsr_slave_1 entered promiscuous mode [ 218.483020][ T9141] IPVS: ftp: loaded support on port[0] = 21 07:46:11 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000100)={0x9, 0x0, 0x0, 0x1f}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) [ 218.540711][ T9133] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 218.614027][ T9136] chnl_net:caif_netlink_parms(): no params data found [ 218.635443][ T9133] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 218.744478][ T9133] netdevsim netdevsim0 netdevsim2: renamed from eth2 07:46:11 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) [ 218.830774][ T9133] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 218.890678][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.898415][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.909861][ T9136] device bridge_slave_0 entered promiscuous mode [ 218.967052][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.974140][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.998198][ T9136] device bridge_slave_1 entered promiscuous mode [ 219.066030][ T9136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.083553][ T9143] IPVS: ftp: loaded support on port[0] = 21 [ 219.115622][ T9136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.125033][ T9138] chnl_net:caif_netlink_parms(): no params data found [ 219.136027][ T9148] IPVS: ftp: loaded support on port[0] = 21 [ 219.220225][ T9141] chnl_net:caif_netlink_parms(): no params data found [ 219.231939][ T9136] team0: Port device team_slave_0 added [ 219.242681][ T9136] team0: Port device team_slave_1 added [ 219.289942][ T9138] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.297342][ T9138] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.305194][ T9138] device bridge_slave_0 entered promiscuous mode [ 219.381051][ T9136] device hsr_slave_0 entered promiscuous mode [ 219.437438][ T9136] device hsr_slave_1 entered promiscuous mode [ 219.497497][ T9136] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.505364][ T9138] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.513299][ T9138] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.521534][ T9138] device bridge_slave_1 entered promiscuous mode [ 219.567481][ T9138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.591113][ T9141] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.602819][ T9141] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.611513][ T9141] device bridge_slave_0 entered promiscuous mode [ 219.620724][ T9138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.652941][ T9138] team0: Port device team_slave_0 added [ 219.659716][ T9141] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.666783][ T9141] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.675553][ T9141] device bridge_slave_1 entered promiscuous mode [ 219.714875][ T9138] team0: Port device team_slave_1 added [ 219.735583][ T9141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.840553][ T9138] device hsr_slave_0 entered promiscuous mode [ 219.907562][ T9138] device hsr_slave_1 entered promiscuous mode [ 219.947226][ T9138] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.956110][ T9141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.016668][ T9148] chnl_net:caif_netlink_parms(): no params data found [ 220.055514][ T9133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.089378][ T9136] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 220.143432][ T9136] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 220.200343][ T9141] team0: Port device team_slave_0 added [ 220.206227][ T9136] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 220.272905][ T9141] team0: Port device team_slave_1 added [ 220.279177][ T9136] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 220.328539][ T9143] chnl_net:caif_netlink_parms(): no params data found [ 220.419214][ T9141] device hsr_slave_0 entered promiscuous mode [ 220.467580][ T9141] device hsr_slave_1 entered promiscuous mode [ 220.527174][ T9141] debugfs: Directory 'hsr0' with parent '/' already present! [ 220.544037][ T9148] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.553757][ T9148] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.562049][ T9148] device bridge_slave_0 entered promiscuous mode [ 220.587580][ T9138] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 220.629486][ T9148] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.636594][ T9148] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.645440][ T9148] device bridge_slave_1 entered promiscuous mode [ 220.679862][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.691992][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.701343][ T9138] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 220.770466][ T9148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.785397][ T9148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.795827][ T9138] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 220.860404][ T9133] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.869446][ T9138] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 220.934781][ T9143] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.942233][ T9143] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.950927][ T9143] device bridge_slave_0 entered promiscuous mode [ 220.971113][ T9148] team0: Port device team_slave_0 added [ 220.985361][ T9143] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.995307][ T9143] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.005098][ T9143] device bridge_slave_1 entered promiscuous mode [ 221.012691][ T9141] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 221.071409][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.080114][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.088655][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.095942][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.105117][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.115210][ T9148] team0: Port device team_slave_1 added [ 221.139126][ T9141] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 221.169278][ T9141] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 221.201094][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.210546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.219293][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.226329][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.235059][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.258641][ T9143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.271075][ T9141] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 221.340137][ T9143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.373597][ T9143] team0: Port device team_slave_0 added [ 221.389846][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.440718][ T9148] device hsr_slave_0 entered promiscuous mode [ 221.497511][ T9148] device hsr_slave_1 entered promiscuous mode [ 221.547148][ T9148] debugfs: Directory 'hsr0' with parent '/' already present! [ 221.557151][ T9143] team0: Port device team_slave_1 added [ 221.584589][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.593463][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.604403][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.627872][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.636542][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.647169][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.655654][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.683837][ T9133] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.699305][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.737648][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.746027][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.760316][ T9148] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 221.799434][ T9148] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 221.844131][ T9148] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 221.913842][ T9148] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 222.010925][ T9143] device hsr_slave_0 entered promiscuous mode [ 222.059211][ T9143] device hsr_slave_1 entered promiscuous mode [ 222.097125][ T9143] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.139207][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 222.146713][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 222.185992][ T9138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.228754][ T9133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.245737][ T9136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.255509][ T9143] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 222.324341][ T9138] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.342521][ T9143] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 222.400875][ T9143] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 222.469478][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.480178][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.505940][ T9141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.521069][ T9143] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 222.565295][ T9136] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.597334][ T9141] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.608692][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.616502][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.624863][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.634305][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.644058][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.651246][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.660354][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.669303][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.678266][ T2925] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.685446][ T2925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.693292][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.701528][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.717180][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.725154][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.734407][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.743369][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.750497][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.782276][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.790577][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.799495][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.808606][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.818135][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.826629][ T9144] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.833752][ T9144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.841846][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.850954][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.859341][ T9144] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.867502][ T9144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.906229][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.914518][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.923409][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.932400][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.941728][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.950869][ T9144] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.957999][ T9144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.965551][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.974427][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.983215][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.992370][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.000935][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.009755][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.018510][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.056121][ T9148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.076326][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.086285][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.095629][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.104736][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.113658][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.122092][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.130648][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.139222][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.148062][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.155788][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.165286][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.173407][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.181909][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.211337][ T9148] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.237227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.246407][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.261323][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.291367][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.302402][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.311804][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.320483][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.328915][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.338156][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.346530][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.353680][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.362068][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.371353][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.381323][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.392999][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 07:46:16 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000000c0)=@v2={0x3, 0x2, 0x11}, 0xa, 0x0) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) [ 223.409160][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.416658][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.462635][ T9138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.487425][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.497217][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.505264][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 223.505279][ T26] audit: type=1804 audit(1575099976.419:31): pid=9160 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir218380829/syzkaller.JfImOC/1/bus" dev="sda1" ino=16519 res=1 [ 223.549668][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.556799][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.558647][ T9160] ima: Can not allocate sm3-256 (reason: -2) [ 223.586564][ T9136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.599921][ T26] audit: type=1800 audit(1575099976.489:32): pid=9160 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16519 res=0 [ 223.620402][ T26] audit: type=1804 audit(1575099976.519:33): pid=9164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir218380829/syzkaller.JfImOC/1/bus" dev="sda1" ino=16519 res=1 [ 223.647248][ T9141] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 223.659135][ T9141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 223.673074][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.685334][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.694342][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.701971][ T9164] ima: Can not allocate sm3-256 (reason: -2) 07:46:16 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000500)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r2, r2, r3}, &(0x7f0000000280)=""/243, 0x20e, &(0x7f0000000240)={&(0x7f0000000080)={'crct10dif-generic\x00'}}) [ 223.702226][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.717341][ T26] audit: type=1800 audit(1575099976.629:34): pid=9164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16519 res=0 [ 223.737456][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.783059][ T9143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.825957][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.847700][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.863258][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.874996][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.916109][ T9143] 8021q: adding VLAN 0 to HW filter on device team0 07:46:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="018ee9f82e", 0x4}, {&(0x7f0000000140)="5531f5e79d1230ddde98e2f96ff18ba13900c35e67d75c5a6808890239fb4c7dde6a19", 0x23}, {&(0x7f0000000180)="e31520aa566f0e3686390a8b9a5e851d473b7f3f48f1cab37f45b3adf98590fe0fc1bb355a5d7ba1193e0f1b8da27a3185d39bb2f03d2665a8220e0b301f45542d83e05d01a32b5d4d26b012d5763340bebd3fc37f86adfa618871ae0af56300de382edf1aa89e0d", 0x68}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000480)="92", 0x20000481}], 0x1}}], 0x2, 0x0) [ 223.950888][ C0] hrtimer: interrupt took 62122 ns [ 223.958288][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 07:46:17 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0x10128) recvmmsg(r1, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/48, 0x30}, {&(0x7f0000000680)=""/120, 0x78}, {&(0x7f0000000300)=""/230, 0xffffff6f}], 0x3}}], 0x1, 0x0, &(0x7f0000008bc0)) [ 224.031600][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.064241][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.114988][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.126293][ T9184] overlayfs: overlapping lowerdir path [ 224.149993][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 07:46:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="018ee9f82e", 0x4}, {&(0x7f0000000140)="5531f5e79d1230ddde98e2f96ff18ba13900c35e67d75c5a6808890239fb4c7dde6a19", 0x23}, {&(0x7f0000000180)="e31520aa566f0e3686390a8b9a5e851d473b7f3f48f1cab37f45b3adf98590fe0fc1bb355a5d7ba1193e0f1b8da27a3185d39bb2f03d2665a8220e0b301f45542d83e05d01a32b5d4d26b012d5763340bebd3fc37f86adfa618871ae0af56300de382edf1aa89e0d", 0x68}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000480)="92", 0x20000481}], 0x1}}], 0x2, 0x0) [ 224.194959][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.233258][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 07:46:17 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000000)={{0x7fffffff}}) read$eventfd(r0, &(0x7f0000000080), 0x8) [ 224.257541][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.283569][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.292613][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.301383][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state 07:46:17 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0x10128) recvmmsg(r1, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/48, 0x30}, {&(0x7f0000000680)=""/120, 0x78}, {&(0x7f0000000300)=""/230, 0xffffff6f}], 0x3}}], 0x1, 0x0, &(0x7f0000008bc0)) 07:46:17 executing program 1: r0 = socket$unix(0x1, 0x3, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @sdr={0x0, 0x1}}}) r2 = syz_open_dev$swradio(0x0, 0x1, 0x2) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) dup3(r0, r1, 0x0) [ 224.308586][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state 07:46:17 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, 0x0, &(0x7f00000004c0)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 224.449794][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.534410][ T9148] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.618440][ T9141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.635575][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.655697][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.724947][ T9210] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 224.765254][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.786538][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.825789][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.832974][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.876113][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.997651][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 225.014189][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 225.026166][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.043777][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.057152][ T9147] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.071531][ T9148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.108050][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.121969][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.170998][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.199092][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.261239][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.280683][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.299572][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.309577][ T9143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 07:46:18 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r0, 0x0, 0x0}, 0x20) [ 225.359646][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 225.370865][ T9144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 225.396757][ T9143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.743644][ T9243] Bluetooth: hci0: sending frame failed (-49) 07:46:19 executing program 4: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400302, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@default_permissions='default_permissions'}]}) [ 226.150302][ T9253] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 227.828687][ T9144] Bluetooth: hci0: command 0x1003 tx timeout [ 227.837601][ T9243] Bluetooth: hci0: sending frame failed (-49) [ 229.907333][ T9147] Bluetooth: hci0: command 0x1001 tx timeout [ 229.914900][ T9243] Bluetooth: hci0: sending frame failed (-49) [ 231.987236][ T9144] Bluetooth: hci0: command 0x1009 tx timeout 07:46:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) 07:46:28 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0x10128) recvmmsg(r1, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/48, 0x30}, {&(0x7f0000000680)=""/120, 0x78}, {&(0x7f0000000300)=""/230, 0xffffff6f}], 0x3}}], 0x1, 0x0, &(0x7f0000008bc0)) 07:46:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="018ee9f82e", 0x4}, {&(0x7f0000000140)="5531f5e79d1230ddde98e2f96ff18ba13900c35e67d75c5a6808890239fb4c7dde6a19", 0x23}, {&(0x7f0000000180)="e31520aa566f0e3686390a8b9a5e851d473b7f3f48f1cab37f45b3adf98590fe0fc1bb355a5d7ba1193e0f1b8da27a3185d39bb2f03d2665a8220e0b301f45542d83e05d01a32b5d4d26b012d5763340bebd3fc37f86adfa618871ae0af56300de382edf1aa89e0d", 0x68}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000480)="92", 0x20000481}], 0x1}}], 0x2, 0x0) 07:46:28 executing program 3: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffd}, 0x0, 0x8) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x3, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c9c380}, &(0x7f0000000080)={&(0x7f0000000140), 0x8}) 07:46:28 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, 0x0, &(0x7f00000004c0)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 07:46:28 executing program 4: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400302, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@default_permissions='default_permissions'}]}) 07:46:29 executing program 4: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400302, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@default_permissions='default_permissions'}]}) 07:46:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) 07:46:29 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd) clone(0x1000108, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$security_selinux(r0, &(0x7f0000000080)='s\x9bcurity\x10\x1f\x02linux\x00', 0x0, 0x0, 0x0) [ 236.208379][ T21] Bluetooth: hci0: Frame reassembly failed (-84) 07:46:29 executing program 2: socket$inet6_udp(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 07:46:29 executing program 4: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400302, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@default_permissions='default_permissions'}]}) 07:46:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) [ 236.812288][ T86] Bluetooth: hci1: Frame reassembly failed (-84) [ 238.227041][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 238.235552][ T9297] Bluetooth: hci0: sending frame failed (-49) [ 238.867005][ T9144] Bluetooth: hci1: command 0x1003 tx timeout [ 238.874906][ T9297] Bluetooth: hci1: sending frame failed (-49) [ 240.307171][ T9144] Bluetooth: hci0: command 0x1001 tx timeout [ 240.314034][ T9297] Bluetooth: hci0: sending frame failed (-49) [ 240.947061][ T9144] Bluetooth: hci1: command 0x1001 tx timeout [ 240.953920][ T9297] Bluetooth: hci1: sending frame failed (-49) [ 242.387161][ T17] Bluetooth: hci0: command 0x1009 tx timeout [ 243.027140][ T17] Bluetooth: hci1: command 0x1009 tx timeout 07:46:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) 07:46:39 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="018ee9f82e", 0x4}, {&(0x7f0000000140)="5531f5e79d1230ddde98e2f96ff18ba13900c35e67d75c5a6808890239fb4c7dde6a19", 0x23}, {&(0x7f0000000180)="e31520aa566f0e3686390a8b9a5e851d473b7f3f48f1cab37f45b3adf98590fe0fc1bb355a5d7ba1193e0f1b8da27a3185d39bb2f03d2665a8220e0b301f45542d83e05d01a32b5d4d26b012d5763340bebd3fc37f86adfa618871ae0af56300de382edf1aa89e0d", 0x68}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000480)="92", 0x20000481}], 0x1}}], 0x2, 0x0) 07:46:39 executing program 4: r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/38, 0x8}, {0x0, 0x39f}, {&(0x7f00000011c0)=""/127, 0x7f}], 0x3) 07:46:39 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, 0x0, &(0x7f00000004c0)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 07:46:39 executing program 2: socket$inet6_udp(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 246.304132][ T206] Bluetooth: hci0: Frame reassembly failed (-84) 07:46:39 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002700)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x265) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002700)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_MASTER={0x8, 0xa, r8}]}, 0x28}}, 0x0) [ 246.699106][ T9321] bridge1: port 1(syz_tun) entered blocking state [ 246.706162][ T9321] bridge1: port 1(syz_tun) entered disabled state [ 246.724653][ T9321] device syz_tun entered promiscuous mode [ 246.746258][ T9321] device syz_tun left promiscuous mode [ 246.776473][ T9321] bridge1: port 1(syz_tun) entered disabled state 07:46:39 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) 07:46:39 executing program 4: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100), 0xc) openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') read$eventfd(r0, &(0x7f0000000080), 0xff97) 07:46:40 executing program 2: socket$inet6_udp(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 247.141815][ T21] Bluetooth: hci1: Frame reassembly failed (-84) 07:46:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0) 07:46:40 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, 0x0, &(0x7f00000004c0)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 07:46:40 executing program 4: r0 = epoll_create1(0x0) r1 = syz_open_dev$sndseq(&(0x7f0000f8eff3)='/dev/snd/seq\x00', 0x0, 0x80201) write$sndseq(r1, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000fe3000)) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f000023efa8)={0x80, 0x8}) [ 247.433930][ T9339] XFS (loop0): Mounting V4 Filesystem [ 247.468669][ T9339] XFS (loop0): empty log check failed [ 247.479758][ T9339] XFS (loop0): log mount/recovery failed: error -5 [ 247.547109][ T9339] XFS (loop0): log mount failed [ 247.892844][ T9359] XFS (loop0): Mounting V4 Filesystem [ 247.967518][ T9359] ================================================================== [ 247.976041][ T9359] BUG: KASAN: use-after-free in xlog_alloc_log+0x1386/0x14b0 [ 247.983438][ T9359] Read of size 8 at addr ffff888091abf890 by task syz-executor.0/9359 [ 247.991587][ T9359] [ 247.993933][ T9359] CPU: 0 PID: 9359 Comm: syz-executor.0 Not tainted 5.4.0-next-20191129-syzkaller #0 [ 248.003393][ T9359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.013491][ T9359] Call Trace: [ 248.016914][ T9359] dump_stack+0x197/0x210 [ 248.021265][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.026472][ T9359] print_address_description.constprop.0.cold+0xd4/0x30b [ 248.033523][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.038553][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.043641][ T9359] __kasan_report.cold+0x1b/0x41 [ 248.048655][ T9359] ? kvfree+0x20/0x70 [ 248.052625][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.057637][ T9359] kasan_report+0x12/0x20 [ 248.061957][ T9359] __asan_report_load8_noabort+0x14/0x20 [ 248.067576][ T9359] xlog_alloc_log+0x1386/0x14b0 [ 248.072428][ T9359] xfs_log_mount+0xdc/0x780 [ 248.077006][ T9359] xfs_mountfs+0xc35/0x1ca0 [ 248.081527][ T9359] ? xfs_default_resblks+0x60/0x60 [ 248.086704][ T9359] ? init_timer_key+0x13b/0x3a0 [ 248.091553][ T9359] ? xfs_mru_cache_create+0x4a0/0x5b0 [ 248.096913][ T9359] ? xfs_filestream_get_ag+0x60/0x60 [ 248.102206][ T9359] xfs_fc_fill_super+0x84e/0x11c0 [ 248.107305][ T9359] get_tree_bdev+0x414/0x650 [ 248.111880][ T9359] ? xfs_mount_free+0x80/0x80 [ 248.116549][ T9359] xfs_fc_get_tree+0x1d/0x30 [ 248.121133][ T9359] vfs_get_tree+0x8e/0x300 [ 248.125599][ T9359] do_mount+0x135a/0x1b50 [ 248.129922][ T9359] ? copy_mount_string+0x40/0x40 [ 248.134930][ T9359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.141203][ T9359] ? _copy_from_user+0x12c/0x1a0 [ 248.146137][ T9359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.152382][ T9359] ? copy_mount_options+0x2e8/0x3f0 [ 248.157579][ T9359] ksys_mount+0xdb/0x150 [ 248.161809][ T9359] __x64_sys_mount+0xbe/0x150 [ 248.166546][ T9359] do_syscall_64+0xfa/0x790 [ 248.171084][ T9359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.176994][ T9359] RIP: 0033:0x45d0ca [ 248.180882][ T9359] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 248.200499][ T9359] RSP: 002b:00007fcc90262a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 248.208911][ T9359] RAX: ffffffffffffffda RBX: 00007fcc90262b40 RCX: 000000000045d0ca [ 248.216900][ T9359] RDX: 00007fcc90262ae0 RSI: 0000000020000000 RDI: 00007fcc90262b00 [ 248.224869][ T9359] RBP: 0000000000000001 R08: 00007fcc90262b40 R09: 00007fcc90262ae0 [ 248.232829][ T9359] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 248.240788][ T9359] R13: 00000000004ca26c R14: 00000000004e28a8 R15: 00000000ffffffff [ 248.248861][ T9359] [ 248.251206][ T9359] Allocated by task 9359: [ 248.255541][ T9359] save_stack+0x23/0x90 [ 248.259691][ T9359] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 248.265399][ T9359] kasan_kmalloc+0x9/0x10 [ 248.269721][ T9359] __kmalloc+0x163/0x770 [ 248.273965][ T9359] kmem_alloc+0x15b/0x4d0 [ 248.278280][ T9359] xlog_alloc_log+0xcc3/0x14b0 [ 248.283028][ T9359] xfs_log_mount+0xdc/0x780 [ 248.287625][ T9359] xfs_mountfs+0xc35/0x1ca0 [ 248.292117][ T9359] xfs_fc_fill_super+0x84e/0x11c0 [ 248.297143][ T9359] get_tree_bdev+0x414/0x650 [ 248.301714][ T9359] xfs_fc_get_tree+0x1d/0x30 [ 248.306292][ T9359] vfs_get_tree+0x8e/0x300 [ 248.310879][ T9359] do_mount+0x135a/0x1b50 [ 248.315206][ T9359] ksys_mount+0xdb/0x150 [ 248.319436][ T9359] __x64_sys_mount+0xbe/0x150 [ 248.324102][ T9359] do_syscall_64+0xfa/0x790 [ 248.328593][ T9359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.334461][ T9359] [ 248.336779][ T9359] Freed by task 9359: [ 248.340749][ T9359] save_stack+0x23/0x90 [ 248.344890][ T9359] __kasan_slab_free+0x102/0x150 [ 248.349838][ T9359] kasan_slab_free+0xe/0x10 [ 248.354325][ T9359] kfree+0x10a/0x2c0 [ 248.358223][ T9359] kvfree+0x61/0x70 [ 248.362219][ T9359] xlog_alloc_log+0xeaa/0x14b0 [ 248.367015][ T9359] xfs_log_mount+0xdc/0x780 [ 248.371507][ T9359] xfs_mountfs+0xc35/0x1ca0 [ 248.375992][ T9359] xfs_fc_fill_super+0x84e/0x11c0 [ 248.381011][ T9359] get_tree_bdev+0x414/0x650 [ 248.385594][ T9359] xfs_fc_get_tree+0x1d/0x30 [ 248.390186][ T9359] vfs_get_tree+0x8e/0x300 [ 248.394589][ T9359] do_mount+0x135a/0x1b50 [ 248.398914][ T9359] ksys_mount+0xdb/0x150 [ 248.403152][ T9359] __x64_sys_mount+0xbe/0x150 [ 248.407836][ T9359] do_syscall_64+0xfa/0x790 [ 248.412348][ T9359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.418218][ T9359] [ 248.420531][ T9359] The buggy address belongs to the object at ffff888091abf800 [ 248.420531][ T9359] which belongs to the cache kmalloc-1k of size 1024 [ 248.434595][ T9359] The buggy address is located 144 bytes inside of [ 248.434595][ T9359] 1024-byte region [ffff888091abf800, ffff888091abfc00) [ 248.447965][ T9359] The buggy address belongs to the page: [ 248.453611][ T9359] page:ffffea000246afc0 refcount:1 mapcount:0 mapping:ffff8880aa000c40 index:0x0 [ 248.462720][ T9359] raw: 00fffe0000000200 ffffea0002386e48 ffffea0002809bc8 ffff8880aa000c40 [ 248.471331][ T9359] raw: 0000000000000000 ffff888091abf000 0000000100000002 0000000000000000 [ 248.479940][ T9359] page dumped because: kasan: bad access detected [ 248.486356][ T9359] [ 248.488687][ T9359] Memory state around the buggy address: [ 248.494321][ T9359] ffff888091abf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 248.502410][ T9359] ffff888091abf800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.510462][ T9359] >ffff888091abf880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.518505][ T9359] ^ [ 248.523080][ T9359] ffff888091abf900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.531138][ T9359] ffff888091abf980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.539186][ T9359] ================================================================== [ 248.547235][ T9359] Disabling lock debugging due to kernel taint [ 248.555364][ T2925] Bluetooth: hci0: command 0x1003 tx timeout [ 248.561755][ T9297] Bluetooth: hci0: sending frame failed (-49) [ 248.568429][ T9359] Kernel panic - not syncing: panic_on_warn set ... [ 248.575038][ T9359] CPU: 0 PID: 9359 Comm: syz-executor.0 Tainted: G B 5.4.0-next-20191129-syzkaller #0 [ 248.585878][ T9359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.595943][ T9359] Call Trace: [ 248.596189][ T4092] kobject: 'loop2' (00000000f6be2876): kobject_uevent_env [ 248.599238][ T9359] dump_stack+0x197/0x210 [ 248.599345][ T9359] panic+0x2e3/0x75c [ 248.599362][ T9359] ? add_taint.cold+0x16/0x16 [ 248.608955][ T4092] kobject: 'loop2' (00000000f6be2876): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 248.610775][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.610795][ T9359] ? preempt_schedule+0x4b/0x60 [ 248.639335][ T9359] ? ___preempt_schedule+0x16/0x18 [ 248.644545][ T9359] ? trace_hardirqs_on+0x5e/0x240 [ 248.649568][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.654577][ T9359] end_report+0x47/0x4f [ 248.658716][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.663751][ T9359] __kasan_report.cold+0xe/0x41 [ 248.668590][ T9359] ? kvfree+0x20/0x70 [ 248.672556][ T9359] ? xlog_alloc_log+0x1386/0x14b0 [ 248.677614][ T9359] kasan_report+0x12/0x20 [ 248.681955][ T9359] __asan_report_load8_noabort+0x14/0x20 [ 248.687578][ T9359] xlog_alloc_log+0x1386/0x14b0 [ 248.692424][ T9359] xfs_log_mount+0xdc/0x780 [ 248.696945][ T9359] xfs_mountfs+0xc35/0x1ca0 [ 248.701480][ T9359] ? xfs_default_resblks+0x60/0x60 [ 248.706575][ T9359] ? init_timer_key+0x13b/0x3a0 [ 248.711420][ T9359] ? xfs_mru_cache_create+0x4a0/0x5b0 [ 248.716788][ T9359] ? xfs_filestream_get_ag+0x60/0x60 [ 248.722205][ T9359] xfs_fc_fill_super+0x84e/0x11c0 [ 248.727222][ T9359] get_tree_bdev+0x414/0x650 [ 248.731874][ T9359] ? xfs_mount_free+0x80/0x80 [ 248.736583][ T9359] xfs_fc_get_tree+0x1d/0x30 [ 248.741176][ T9359] vfs_get_tree+0x8e/0x300 [ 248.745610][ T9359] do_mount+0x135a/0x1b50 [ 248.749969][ T9359] ? copy_mount_string+0x40/0x40 [ 248.754888][ T9359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.761110][ T9359] ? _copy_from_user+0x12c/0x1a0 [ 248.766036][ T9359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.772258][ T9359] ? copy_mount_options+0x2e8/0x3f0 [ 248.777438][ T9359] ksys_mount+0xdb/0x150 [ 248.781663][ T9359] __x64_sys_mount+0xbe/0x150 [ 248.786416][ T9359] do_syscall_64+0xfa/0x790 [ 248.790917][ T9359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.796802][ T9359] RIP: 0033:0x45d0ca [ 248.800678][ T9359] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 248.820290][ T9359] RSP: 002b:00007fcc90262a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 248.828683][ T9359] RAX: ffffffffffffffda RBX: 00007fcc90262b40 RCX: 000000000045d0ca [ 248.836639][ T9359] RDX: 00007fcc90262ae0 RSI: 0000000020000000 RDI: 00007fcc90262b00 [ 248.844596][ T9359] RBP: 0000000000000001 R08: 00007fcc90262b40 R09: 00007fcc90262ae0 [ 248.852556][ T9359] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 248.860518][ T9359] R13: 00000000004ca26c R14: 00000000004e28a8 R15: 00000000ffffffff [ 248.869886][ T9359] Kernel Offset: disabled [ 248.874225][ T9359] Rebooting in 86400 seconds..