[ 66.306093][ T27] audit: type=1800 audit(1564964383.596:27): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 66.336241][ T27] audit: type=1800 audit(1564964383.606:28): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 66.893265][ T27] audit: type=1800 audit(1564964384.256:29): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 66.913684][ T27] audit: type=1800 audit(1564964384.256:30): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2019/08/05 00:19:54 fuzzer started 2019/08/05 00:19:56 dialing manager at 10.128.0.26:41727 2019/08/05 00:19:57 syscalls: 2484 2019/08/05 00:19:57 code coverage: enabled 2019/08/05 00:19:57 comparison tracing: enabled 2019/08/05 00:19:57 extra coverage: extra coverage is not supported by the kernel 2019/08/05 00:19:57 setuid sandbox: enabled 2019/08/05 00:19:57 namespace sandbox: enabled 2019/08/05 00:19:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/05 00:19:57 fault injection: enabled 2019/08/05 00:19:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/05 00:19:57 net packet injection: enabled 2019/08/05 00:19:57 net device setup: enabled 00:21:22 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, r0) io_setup(0x0, &(0x7f0000000240)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') preadv(r1, &(0x7f00000017c0), 0x199, 0x0) 00:21:22 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syzkaller login: [ 165.364962][T10164] IPVS: ftp: loaded support on port[0] = 21 [ 165.436538][T10166] IPVS: ftp: loaded support on port[0] = 21 00:21:22 executing program 2: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x2, 0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) write$UHID_CREATE(r0, &(0x7f0000000580)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 165.517361][T10164] chnl_net:caif_netlink_parms(): no params data found [ 165.632447][T10164] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.639538][T10164] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.661928][T10164] device bridge_slave_0 entered promiscuous mode [ 165.679836][T10166] chnl_net:caif_netlink_parms(): no params data found [ 165.713129][T10164] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.721167][T10164] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.729067][T10164] device bridge_slave_1 entered promiscuous mode [ 165.749481][T10166] bridge0: port 1(bridge_slave_0) entered blocking state 00:21:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r2, 0x125, 0x0, 0x0, {{}, 0x0, 0x400b, 0x0, {0x18, 0x17, {0x0, 0x0, @udp='udp:syz1\x00'}}}}, 0x34}}, 0x0) [ 165.758632][T10166] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.770722][T10166] device bridge_slave_0 entered promiscuous mode [ 165.783750][T10170] IPVS: ftp: loaded support on port[0] = 21 [ 165.798138][T10164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.812831][T10166] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.821969][T10166] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.829802][T10166] device bridge_slave_1 entered promiscuous mode [ 165.840393][T10164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.895664][T10166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.906612][T10164] team0: Port device team_slave_0 added [ 165.924892][T10166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.930920][T10172] IPVS: ftp: loaded support on port[0] = 21 [ 165.936838][T10164] team0: Port device team_slave_1 added 00:21:23 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, 0x0) [ 166.043779][T10164] device hsr_slave_0 entered promiscuous mode [ 166.101514][T10164] device hsr_slave_1 entered promiscuous mode 00:21:23 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="ab553fec94248c32e27d0498a100008a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cachefiles\x00', 0x80000, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xfe0f}], 0x1}}], 0x1, 0x0, 0x0) [ 166.208925][T10166] team0: Port device team_slave_0 added [ 166.217907][T10174] IPVS: ftp: loaded support on port[0] = 21 [ 166.259953][T10166] team0: Port device team_slave_1 added [ 166.281552][T10164] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.288677][T10164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.296116][T10164] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.303205][T10164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.319844][T10170] chnl_net:caif_netlink_parms(): no params data found [ 166.391860][T10166] device hsr_slave_0 entered promiscuous mode [ 166.450568][T10166] device hsr_slave_1 entered promiscuous mode [ 166.510336][T10166] debugfs: Directory 'hsr0' with parent '/' already present! [ 166.556409][T10177] IPVS: ftp: loaded support on port[0] = 21 [ 166.564110][ T2980] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.582457][ T2980] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.605632][T10170] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.612867][T10170] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.621259][T10170] device bridge_slave_0 entered promiscuous mode [ 166.654212][T10170] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.661848][T10170] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.669523][T10170] device bridge_slave_1 entered promiscuous mode [ 166.745140][T10170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.758191][T10170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.785062][T10170] team0: Port device team_slave_0 added [ 166.792454][T10170] team0: Port device team_slave_1 added [ 166.816090][T10172] chnl_net:caif_netlink_parms(): no params data found [ 166.892805][T10170] device hsr_slave_0 entered promiscuous mode [ 166.950588][T10170] device hsr_slave_1 entered promiscuous mode [ 166.990717][T10170] debugfs: Directory 'hsr0' with parent '/' already present! [ 167.002037][T10174] chnl_net:caif_netlink_parms(): no params data found [ 167.024049][T10164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.107822][T10172] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.115810][T10172] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.123747][T10172] device bridge_slave_0 entered promiscuous mode [ 167.132299][T10177] chnl_net:caif_netlink_parms(): no params data found [ 167.142724][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.150432][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.163334][T10164] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.177035][T10172] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.185031][T10172] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.192796][T10172] device bridge_slave_1 entered promiscuous mode [ 167.214902][T10172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.225567][T10172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.244113][T10174] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.251656][T10174] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.259462][T10174] device bridge_slave_0 entered promiscuous mode [ 167.267037][T10174] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.274162][T10174] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.282058][T10174] device bridge_slave_1 entered promiscuous mode [ 167.305019][T10174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.327078][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.335749][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.344242][T10178] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.351718][T10178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.361013][T10174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.386841][T10172] team0: Port device team_slave_0 added [ 167.394105][T10172] team0: Port device team_slave_1 added [ 167.413361][T10174] team0: Port device team_slave_0 added [ 167.420984][T10174] team0: Port device team_slave_1 added [ 167.443572][T10177] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.450777][T10177] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.458447][T10177] device bridge_slave_0 entered promiscuous mode [ 167.465996][T10177] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.473738][T10177] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.481352][T10177] device bridge_slave_1 entered promiscuous mode [ 167.532969][T10174] device hsr_slave_0 entered promiscuous mode [ 167.590630][T10174] device hsr_slave_1 entered promiscuous mode [ 167.630298][T10174] debugfs: Directory 'hsr0' with parent '/' already present! [ 167.656602][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.665226][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.673676][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.680751][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.688205][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.752998][T10172] device hsr_slave_0 entered promiscuous mode [ 167.810522][T10172] device hsr_slave_1 entered promiscuous mode [ 167.850351][T10172] debugfs: Directory 'hsr0' with parent '/' already present! [ 167.859264][T10177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.871389][T10166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.880665][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.890308][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.898734][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.907514][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.916251][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.924821][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.942334][T10177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.962403][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.971990][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.979989][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.988793][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.996998][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.004649][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.021563][T10164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.031000][T10166] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.059656][T10174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.075572][T10177] team0: Port device team_slave_0 added [ 168.082887][T10177] team0: Port device team_slave_1 added [ 168.102808][T10170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.120446][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.128164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.136288][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.144794][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.153083][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.160103][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.171446][T10174] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.189428][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.206221][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.214977][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.223730][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.230820][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.238529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.247349][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.255696][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.262735][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.270680][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.282576][T10170] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.343008][T10177] device hsr_slave_0 entered promiscuous mode [ 168.370564][T10177] device hsr_slave_1 entered promiscuous mode [ 168.410372][T10177] debugfs: Directory 'hsr0' with parent '/' already present! [ 168.421435][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.428945][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.436673][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.445205][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.453769][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.462447][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.471018][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.478057][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.499554][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.508134][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.516722][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.525614][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.533937][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.540988][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.548436][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.557311][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.565746][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.574217][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.582723][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.589743][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.597408][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.605824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.618207][T10164] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.631418][T10180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.648776][T10166] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 168.659259][T10166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.676466][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.689728][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.698049][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.706922][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.715562][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.723774][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.732017][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.740685][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.748956][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.757671][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.766441][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.774088][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.789218][T10174] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 168.800376][T10174] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.836522][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.845663][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.853985][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.863977][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.872323][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.880745][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.889144][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.897571][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.905965][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.914329][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.922748][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.931440][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.939144][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.959130][T10172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.970129][T10170] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.983706][T10170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.011421][T10174] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.018573][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.029909][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.046633][T10172] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.059522][T10166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.077099][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.086613][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.125045][T10170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.134156][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.154002][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.178902][T10178] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.186061][T10178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.194910][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.203901][ C0] hrtimer: interrupt took 25532 ns [ 169.204685][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.218287][T10178] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.225371][T10178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.233342][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.242348][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.253745][T10177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.269617][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.297522][T10177] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.312889][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.322264][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.339956][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 00:21:26 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) mount$9p_tcp(0x0, 0x0, &(0x7f0000000540)='9p\x00', 0x400, 0x0) [ 169.351648][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.360181][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.371289][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.379678][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.389373][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.398864][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.410969][ T2980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.426182][T10172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.458318][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.483465][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 00:21:26 executing program 4: ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) accept4(r1, &(0x7f0000000300)=@ax25={{0x3, @null}, [@rose, @null, @null, @remote, @default, @null, @bcast, @netrom]}, &(0x7f0000000380)=0x80, 0x80000) [ 169.501898][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.517807][T10178] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.524943][T10178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.536890][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 00:21:26 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x73) dup2(r0, r1) [ 169.555368][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.575029][T10178] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.582148][T10178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.593681][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.602407][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.604322][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 169.620604][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.639392][T10177] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 00:21:27 executing program 0: socketpair(0x3, 0x5, 0x3, &(0x7f00000016c0)) socketpair(0x0, 0x80f, 0x2, &(0x7f00000018c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000001740)={r0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000027c0)={&(0x7f0000000000)=@nl=@unspec={0x2001001000000000}, 0x80, 0x0, 0x0, &(0x7f0000001940)=ANY=[@ANYBLOB="140000000000f0d4d8e43700f18105005211fd2d1ec5500b16de8972787fbb958f57edf7dd98399c59d073c817c13db2fc7f68e3649cf00e122fa429b6fd6ec85d16dbd4253eb652e37cbecdf24815e0a525f7f7af057dd499012a0c770f988b8615cfcce56dcd1fc93201813b2194db166b10690dff2971cb67a8fcbd92353dfd3c9f8f84789b959ded1499960000000009570fb1860f00001a938fd4d7e9a8f22458b459feafd3e354e3"], 0xab}, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x2040) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000014c0)=0x20, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x0, 0x300) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001580)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000001480)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001500)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000001800)='rdma.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r4) r6 = openat$cgroup_ro(r5, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) ioctl$TUNSETVNETBE(r2, 0x400454de, &(0x7f00000015c0)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001880)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f00000002c0)) r7 = socket$kcm(0x10, 0x3, 0x10) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 169.699425][T10177] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.726971][T10224] hfs: can't find a HFS filesystem on dev loop1 [ 169.765487][T10172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.801205][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 00:21:27 executing program 4: ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) accept4(r1, &(0x7f0000000300)=@ax25={{0x3, @null}, [@rose, @null, @null, @remote, @default, @null, @bcast, @netrom]}, &(0x7f0000000380)=0x80, 0x80000) 00:21:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 169.809825][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.819860][T10228] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.0'. [ 169.860089][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.921090][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.929500][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.941537][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 169.957757][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.962855][T10239] hfs: can't find a HFS filesystem on dev loop1 [ 169.978981][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.000861][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.009545][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.017614][T10178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 00:21:27 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, 0x0) [ 170.114563][T10247] UHID_CREATE from different security context by process 2 (syz-executor.2), this is not allowed. 00:21:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:21:27 executing program 4: ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) accept4(r1, &(0x7f0000000300)=@ax25={{0x3, @null}, [@rose, @null, @null, @remote, @default, @null, @bcast, @netrom]}, &(0x7f0000000380)=0x80, 0x80000) [ 170.274308][T10177] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.369132][T10228] syz-executor.0 (10228) used greatest stack depth: 23608 bytes left [ 170.378850][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 170.422304][T10260] hfs: can't find a HFS filesystem on dev loop1 [ 275.480312][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 275.487124][ C0] rcu: 0-...!: (10501 ticks this GP) idle=676/1/0x4000000000000002 softirq=10042/10042 fqs=0 [ 275.497440][ C0] (t=10502 jiffies g=11093 q=221) [ 275.502549][ C0] rcu: rcu_preempt kthread starved for 10503 jiffies! g11093 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 275.514005][ C0] rcu: RCU grace-period kthread stack dump: [ 275.519891][ C0] rcu_preempt I29392 10 2 0x80004000 [ 275.526226][ C0] Call Trace: [ 275.529656][ C0] __schedule+0x755/0x15b0 [ 275.534080][ C0] ? __sched_text_start+0x8/0x8 [ 275.539037][ C0] schedule+0xa8/0x270 [ 275.543156][ C0] schedule_timeout+0x486/0xc50 [ 275.548267][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 275.553290][ C0] ? usleep_range+0x170/0x170 [ 275.558014][ C0] ? trace_hardirqs_on+0x67/0x240 [ 275.563200][ C0] ? __kasan_check_read+0x11/0x20 [ 275.568253][ C0] ? __next_timer_interrupt+0x1a0/0x1a0 [ 275.573849][ C0] ? swake_up_one+0x60/0x60 [ 275.578872][ C0] ? trace_hardirqs_on+0x67/0x240 [ 275.583952][ C0] rcu_gp_kthread+0x9b2/0x18c0 [ 275.588805][ C0] ? rcu_barrier+0x310/0x310 [ 275.593392][ C0] ? trace_hardirqs_on+0x67/0x240 [ 275.598680][ C0] ? __kasan_check_read+0x11/0x20 [ 275.603774][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 275.610480][ C0] ? __kthread_parkme+0x108/0x1c0 [ 275.615616][ C0] ? __kasan_check_read+0x11/0x20 [ 275.620634][ C0] kthread+0x361/0x430 [ 275.624974][ C0] ? rcu_barrier+0x310/0x310 [ 275.629571][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 275.635808][ C0] ret_from_fork+0x24/0x30 [ 275.640388][ C0] NMI backtrace for cpu 0 [ 275.644763][ C0] CPU: 0 PID: 10258 Comm: syz-executor.4 Not tainted 5.3.0-rc2-next-20190802 #58 [ 275.653860][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.663910][ C0] Call Trace: [ 275.667186][ C0] [ 275.670110][ C0] dump_stack+0x172/0x1f0 [ 275.674441][ C0] nmi_cpu_backtrace.cold+0x70/0xb2 [ 275.679634][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 275.685959][ C0] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 275.691595][ C0] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 275.697578][ C0] arch_trigger_cpumask_backtrace+0x14/0x20 [ 275.703574][ C0] rcu_dump_cpu_stacks+0x183/0x1cf [ 275.708699][ C0] rcu_sched_clock_irq.cold+0x4dd/0xc13 [ 275.714374][ C0] ? raise_softirq+0x138/0x340 [ 275.719165][ C0] update_process_times+0x32/0x80 [ 275.724654][ C0] tick_sched_handle+0xa2/0x190 [ 275.729499][ C0] tick_sched_timer+0x53/0x140 [ 275.734260][ C0] __hrtimer_run_queues+0x364/0xe40 [ 275.739568][ C0] ? tick_sched_do_timer+0x1b0/0x1b0 [ 275.744851][ C0] ? hrtimer_sleeper_start_expires+0x90/0x90 [ 275.750828][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 275.756627][ C0] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 275.762725][ C0] hrtimer_interrupt+0x314/0x770 [ 275.767761][ C0] smp_apic_timer_interrupt+0x160/0x610 [ 275.773302][ C0] apic_timer_interrupt+0xf/0x20 [ 275.778255][ C0] RIP: 0010:__kasan_check_read+0x1/0x20 [ 275.783809][ C0] Code: 29 bc ae ff 0f 0b 4c 8b 4d d0 e9 27 ee ff ff 48 8b 73 58 89 c2 48 c7 c7 a0 c2 89 88 f7 da e8 0a bc ae ff e9 da ee ff ff 90 55 <89> f6 31 d2 48 89 e5 48 8b 4d 08 e8 cf 26 00 00 5d c3 0f 1f 00 66 [ 275.803439][ C0] RSP: 0018:ffff8880ae809200 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 [ 275.812057][ C0] RAX: 0000000000000000 RBX: ffff8880a45e2d88 RCX: ffffffff8158f457 [ 275.820028][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880a45e2d88 [ 275.828714][ C0] RBP: ffff8880ae8092d0 R08: 1ffff110148bc5b1 R09: ffffed10148bc5b2 [ 275.837555][ C0] R10: ffffed10148bc5b1 R11: ffff8880a45e2d8b R12: 0000000000000001 [ 275.845516][ C0] R13: 0000000000000003 R14: ffffed10148bc5b1 R15: 0000000000000001 [ 275.853600][ C0] ? apic_timer_interrupt+0xa/0x20 [ 275.858729][ C0] ? native_queued_spin_lock_slowpath+0xb7/0x9f0 [ 275.865081][ C0] ? native_queued_spin_lock_slowpath+0xb7/0x9f0 [ 275.871402][ C0] ? ret_from_intr+0xb/0x1e [ 275.875927][ C0] ? __pv_queued_spin_lock_slowpath+0xd10/0xd10 [ 275.882166][ C0] ? mark_held_locks+0xf0/0xf0 [ 275.886924][ C0] do_raw_spin_lock+0x20e/0x2e0 [ 275.891768][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 275.896782][ C0] ? lock_acquire+0x190/0x410 [ 275.901547][ C0] ? release_sock+0x20/0x1c0 [ 275.906141][ C0] _raw_spin_lock_bh+0x3b/0x50 [ 275.910903][ C0] ? release_sock+0x20/0x1c0 [ 275.915603][ C0] release_sock+0x20/0x1c0 [ 275.920096][ C0] wait_on_pending_writer+0x20f/0x420 [ 275.925472][ C0] ? retint_kernel+0x2b/0x2b [ 275.930067][ C0] ? tls_init+0x560/0x560 [ 275.934395][ C0] ? prepare_to_wait_exclusive+0x320/0x320 [ 275.940285][ C0] ? __this_cpu_preempt_check+0x31/0x210 [ 275.945919][ C0] ? __this_cpu_preempt_check+0x3a/0x210 [ 275.951559][ C0] tls_sk_proto_cleanup+0x2c5/0x3e0 [ 275.956772][ C0] ? wait_on_pending_writer+0x420/0x420 [ 275.962327][ C0] ? trace_hardirqs_on+0x5e/0x240 [ 275.967393][ C0] ? arch_local_irq_restore+0x35/0x60 [ 275.972783][ C0] tls_sk_proto_unhash+0x90/0x3f0 [ 275.977884][ C0] tcp_set_state+0x5b9/0x7d0 [ 275.982474][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 275.988721][ C0] ? __sk_mem_reduce_allocated+0x1b0/0x560 [ 275.994606][ C0] ? tcp_alloc_md5sig_pool+0x4a0/0x4a0 [ 276.000058][ C0] ? __sk_mem_reclaim+0x55/0x70 [ 276.004916][ C0] ? tcp_write_queue_purge+0x5d8/0x1310 [ 276.010456][ C0] ? __this_cpu_preempt_check+0x3a/0x210 [ 276.016083][ C0] ? retint_kernel+0x2b/0x2b [ 276.020667][ C0] tcp_done+0xe2/0x320 [ 276.024755][ C0] tcp_reset+0x132/0x500 [ 276.029024][ C0] tcp_validate_incoming+0xa2d/0x1660 [ 276.034393][ C0] tcp_rcv_established+0x6b5/0x1e70 [ 276.039586][ C0] ? mark_held_locks+0xf0/0xf0 [ 276.044429][ C0] ? sk_filter_trim_cap+0x45f/0xb30 [ 276.049645][ C0] ? tcp_data_queue+0x4860/0x4860 [ 276.054669][ C0] ? do_raw_spin_lock+0x12a/0x2e0 [ 276.059688][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 276.064617][ C0] ? lock_acquire+0x190/0x410 [ 276.069341][ C0] tcp_v6_do_rcv+0x41e/0x12c0 [ 276.074017][ C0] tcp_v6_rcv+0x31f1/0x3500 [ 276.078524][ C0] ? tcp_v6_syn_recv_sock+0x2290/0x2290 [ 276.084118][ C0] ? nf_confirm+0x360/0x4d0 [ 276.088619][ C0] ? mark_held_locks+0xf0/0xf0 [ 276.093438][ C0] ip6_protocol_deliver_rcu+0x2fe/0x1660 [ 276.099150][ C0] ip6_input_finish+0x84/0x170 [ 276.103930][ C0] ip6_input+0xe4/0x3f0 [ 276.108104][ C0] ? ip6_input_finish+0x170/0x170 [ 276.113148][ C0] ? __kasan_check_read+0x11/0x20 [ 276.118175][ C0] ? ip6_protocol_deliver_rcu+0x1660/0x1660 [ 276.124065][ C0] ? lock_downgrade+0x920/0x920 [ 276.128915][ C0] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 276.135235][ C0] ip6_rcv_finish+0x1de/0x2f0 [ 276.139918][ C0] ipv6_rcv+0x10e/0x420 [ 276.144074][ C0] ? ip6_rcv_core.isra.0+0x1bb0/0x1bb0 [ 276.149535][ C0] ? ip6_rcv_finish_core.isra.0+0x560/0x560 [ 276.155554][ C0] ? kvm_sched_clock_read+0x9/0x20 [ 276.160696][ C0] ? sched_clock+0x2e/0x50 [ 276.165109][ C0] ? ip6_rcv_core.isra.0+0x1bb0/0x1bb0 [ 276.170682][ C0] __netif_receive_skb_one_core+0x113/0x1a0 [ 276.176575][ C0] ? __netif_receive_skb_core+0x3060/0x3060 [ 276.182469][ C0] ? lock_acquire+0x190/0x410 [ 276.187147][ C0] ? process_backlog+0x195/0x750 [ 276.192086][ C0] __netif_receive_skb+0x2c/0x1d0 [ 276.197103][ C0] process_backlog+0x206/0x750 [ 276.201878][ C0] net_rx_action+0x508/0x10c0 [ 276.206561][ C0] ? napi_complete_done+0x4b0/0x4b0 [ 276.211751][ C0] ? sched_clock+0x2e/0x50 [ 276.216243][ C0] ? kvm_clock_read+0x18/0x30 [ 276.221058][ C0] ? ip6_finish_output2+0x106d/0x2520 [ 276.226429][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 276.232663][ C0] __do_softirq+0x262/0x98c [ 276.237657][ C0] ? ip6_finish_output2+0x106d/0x2520 [ 276.243034][ C0] do_softirq_own_stack+0x2a/0x40 [ 276.248041][ C0] [ 276.250971][ C0] do_softirq.part.0+0x11a/0x170 [ 276.257261][ C0] __local_bh_enable_ip+0x211/0x270 [ 276.264463][ C0] ip6_finish_output2+0x10a0/0x2520 [ 276.269700][ C0] ? ip6_forward_finish+0x530/0x530 [ 276.274948][ C0] ? ip6_mtu+0x16f/0x460 [ 276.279197][ C0] __ip6_finish_output+0x444/0xa50 [ 276.284299][ C0] ? __ip6_finish_output+0x444/0xa50 [ 276.289581][ C0] ip6_finish_output+0x38/0x1f0 [ 276.294440][ C0] ip6_output+0x235/0x7c0 [ 276.298851][ C0] ? ip6_finish_output+0x1f0/0x1f0 [ 276.304132][ C0] ? __ip6_finish_output+0xa50/0xa50 [ 276.309524][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 276.315285][ C0] ? nf_hook_slow+0xf0/0x1e0 [ 276.319887][ C0] ip6_xmit+0xe35/0x1fe0 [ 276.324125][ C0] ? inet6_csk_route_socket+0xb3e/0xe80 [ 276.334541][ C0] ? ip6_finish_output2+0x2520/0x2520 [ 276.339911][ C0] ? trace_hardirqs_on_caller+0x6a/0x240 [ 276.345545][ C0] ? ip6_fraglist_init+0x8a0/0x8a0 [ 276.350651][ C0] ? __this_cpu_preempt_check+0x3a/0x210 [ 276.356284][ C0] ? retint_kernel+0x2b/0x2b [ 276.360897][ C0] inet6_csk_xmit+0x2fb/0x5ba [ 276.365579][ C0] ? inet6_csk_update_pmtu+0x190/0x190 [ 276.371081][ C0] __tcp_transmit_skb+0x1a38/0x3830 [ 276.376278][ C0] ? __tcp_select_window+0x8a0/0x8a0 [ 276.381561][ C0] ? trace_hardirqs_on+0x67/0x240 [ 276.387101][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 276.392811][ C0] ? ktime_get+0x202/0x2f0 [ 276.397226][ C0] tcp_send_active_reset+0x43a/0x910 [ 276.402514][ C0] tcp_close+0x5b1/0x10e0 [ 276.406839][ C0] ? down_write+0x90/0x150 [ 276.411313][ C0] inet_release+0xed/0x200 [ 276.415729][ C0] inet6_release+0x53/0x80 [ 276.420179][ C0] __sock_release+0xce/0x280 [ 276.424770][ C0] sock_close+0x1e/0x30 [ 276.429001][ C0] __fput+0x2ff/0x890 [ 276.432982][ C0] ? __sock_release+0x280/0x280 [ 276.437824][ C0] ____fput+0x16/0x20 [ 276.441802][ C0] task_work_run+0x145/0x1c0 [ 276.446450][ C0] exit_to_usermode_loop+0x316/0x380 [ 276.451737][ C0] do_syscall_64+0x65f/0x760 [ 276.456321][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.462206][ C0] RIP: 0033:0x459829 [ 276.466099][ C0] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.485872][ C0] RSP: 002b:00007f8dbead7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 276.494458][ C0] RAX: fffffffffffffff2 RBX: 0000000000000004 RCX: 0000000000459829 [ 276.502423][ C0] RDX: 0000000020000380 RSI: 0000000020000300 RDI: 0000000000000005 [ 276.510474][ C0] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 276.518443][ C0] R10: 0000000000080000 R11: 0000000000000246 R12: 00007f8dbead86d4 [ 276.526429][ C0] R13: 00000000004bf763 R14: 00000000004d10b0 R15: 00000000ffffffff