[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 46.565948][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 46.565963][ T26] audit: type=1800 audit(1575951859.745:29): pid=7657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 46.597157][ T26] audit: type=1800 audit(1575951859.745:30): pid=7657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts. 2019/12/10 04:24:26 fuzzer started 2019/12/10 04:24:28 dialing manager at 10.128.0.105:43773 2019/12/10 04:24:29 syscalls: 2689 2019/12/10 04:24:29 code coverage: enabled 2019/12/10 04:24:29 comparison tracing: enabled 2019/12/10 04:24:29 extra coverage: extra coverage is not supported by the kernel 2019/12/10 04:24:29 setuid sandbox: enabled 2019/12/10 04:24:29 namespace sandbox: enabled 2019/12/10 04:24:29 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/10 04:24:29 fault injection: enabled 2019/12/10 04:24:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/10 04:24:29 net packet injection: enabled 2019/12/10 04:24:29 net device setup: enabled 2019/12/10 04:24:29 concurrency sanitizer: enabled 2019/12/10 04:24:29 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 56.961149][ T7823] KCSAN: could not find function: 'may_open' [ 61.039260][ T7823] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/10 04:24:34 adding functions to KCSAN blacklist: 'find_next_bit' 'may_open' 'generic_write_end' 'mod_timer' 'blk_mq_dispatch_rq_list' 'xas_clear_mark' 'pcpu_alloc' 'tcp_add_backlog' '__splice_from_pipe' 'ep_poll' 'find_get_pages_range_tag' 'taskstats_exit' 'wbt_done' '__hrtimer_run_queues' 'ext4_nonda_switch' 'run_timer_softirq' 'tick_sched_do_timer' 'blk_mq_get_request' 'generic_fillattr' 'pid_update_inode' 'pipe_poll' '__delete_from_page_cache' 'tomoyo_supervisor' 'do_nanosleep' 'rcu_gp_fqs_check_wake' 'tick_do_update_jiffies64' 'ext4_free_inode' 'poll_schedule_timeout' 'other_inode_match' 04:24:50 executing program 0: open(&(0x7f0000000080)='./file0\x00', 0x2442, 0x0) mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1001004, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x106c8ae, &(0x7f00000000c0)={[{@data_journal='data=journal'}]}) [ 77.417144][ T7827] IPVS: ftp: loaded support on port[0] = 21 04:24:50 executing program 1: socket$alg(0x26, 0x5, 0x0) socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) [ 77.496901][ T7827] chnl_net:caif_netlink_parms(): no params data found [ 77.560567][ T7827] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.592095][ T7827] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.600162][ T7827] device bridge_slave_0 entered promiscuous mode [ 77.617289][ T7827] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.642019][ T7827] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.650603][ T7827] device bridge_slave_1 entered promiscuous mode [ 77.689712][ T7827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.723845][ T7827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 04:24:50 executing program 2: openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='\xa2\xbd\xbdv!\x9fD\x99\xec\r\xbf\x00', 0x80000, 0x0) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x800, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x4) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000540)=0x2000000000000074, 0x56c) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0xa0000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000c00)=ANY=[@ANYBLOB="b1ba343d4cc39e040a1b6c00000053ffb0c476a3dc954fb2d683006b98205e2dbddc28dd62e89e318b71d7943edaef193dca8fbf1bbb38a99af7d7266fd4b934c40f0446e6159356f50643c8a974605ad5c8ce80a7ef3440ac3b4169d7bd1d8b3e8cc843d08cb6aaddf0778cb0fbcd1d740e9f053ae440828405c56f1ecd6d02d025f426bf810e4ffcedee9ca9e37ba246942a1086e90412dfcbb47d4d2769eb043f38e823621c88775effc936a43c70111a963cf6e4ddc8069e5470bc0a6fbf48b63f01c8e831710135a349e9c1fb882bb1ec040bb4bdfec921e7b2ac3b15f0c894c6b4088bb1921339e6de641d3537be2c625f1fd76eca211f94b07aef187fb2fcf7237a4c8336739a983e44464da5af64b809e84961c5a8e513bef154b2a5704c33c214afb98743258c6ef3fa00dd3be4f5cb6835d99a6046ea9d5a11e77b0df5e688b388b1a11711381f2b3f46a1701d533a6d119d252012988eaea721663eae2d6785dea4f20e0daab47c2be857c661235725c1dd40a463de6bf1ff2b7e87413dc46002feab2c864e38c73ee68ef4ca15d0c18f7407e4d358ed598bfe78abd92198a52314c2c6467282161a82b225b3c022a7911b83c4245a9663145a96849ca7512dd3754dbeb9b72870928e7f7b358ea6b77663a790abb1e01ce5bd840bd6f488b40df8e54c9f4c9f397d76effdc1d5c1cdd6f6c4d1ca091950c12fafbbf0bca2016777631a15e287dc65ea8cf95bc58a6feae0bea122f5422df5043875ffe55fde514806185b5a4759028087e01d5388775bb88b6a76a58ff2eac436ec3d10c83eac64731f6fefb7b1586635311bd87f3d731c1ccc997deb6b878221d93b8799647506bde8d3a26a771cc9843962365969441b416c96a1edb0c3abb0218a1876cbd8e8f88c89d218615472255f9a9fcd0600caf6610ddb4c6d17b17fe43470642bca57021f9113c342ff4c7fec15e315437ca4cfc6dc435fe1056bf0ad2e0bc8bd46ba737ea5e62fb48092093aea6c92d5ff83a00f08a9a83cbea63dc39eaa1c457c7622da3aeb5b0000000000", @ANYRES16, @ANYBLOB="f0c32abd7000fcdbdf250300000014000200080004000800000008000400000000003c000200080004000000000008000400ff03000008000b0002000000080006000600000008000900070000000800080005000020080009000a3500000800050003000000"], 0x3}, 0x1, 0x0, 0x0, 0x20000800}, 0x8b38c1f1781768e9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f0000000000)={0x2, 0xa}, 0xffffffffffffffe9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket(0x1, 0x1, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) getsockopt$inet_mreq(r6, 0x0, 0x20, &(0x7f0000000080)={@local, @multicast2}, &(0x7f00000000c0)=0x8) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) rt_sigaction(0x9, &(0x7f0000000380)={&(0x7f0000000300)="8f0878c31a0f0f3a0f37326666460f38057565c4819562c6c423296adddede441930c403c56c1f0042d9fdd8f466440ffe4703", {0x7}, 0x10000000, &(0x7f0000000340)="c4a1f85c8ba5000000f3400f2b6f54470f0d62fdc421f96e0740decb672640087892c4c1725a2847dcf0c4e3356f5ce30019c421fbe6f5"}, 0x0, 0x8, &(0x7f0000000440)) sendto$inet(r1, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r1, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) [ 77.758071][ T7830] IPVS: ftp: loaded support on port[0] = 21 [ 77.760681][ T7827] team0: Port device team_slave_0 added [ 77.793296][ T7827] team0: Port device team_slave_1 added [ 77.925149][ T7827] device hsr_slave_0 entered promiscuous mode [ 77.962945][ T7827] device hsr_slave_1 entered promiscuous mode [ 78.031041][ T7832] IPVS: ftp: loaded support on port[0] = 21 04:24:51 executing program 3: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt(r0, 0x10c, 0x0, 0x0, 0x0) [ 78.121589][ T7827] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.128855][ T7827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.136598][ T7827] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.143840][ T7827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.338116][ T7830] chnl_net:caif_netlink_parms(): no params data found [ 78.563184][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.592187][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.650398][ T7861] IPVS: ftp: loaded support on port[0] = 21 [ 78.659275][ T7832] chnl_net:caif_netlink_parms(): no params data found [ 78.699600][ T7830] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.722648][ T7830] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.731005][ T7830] device bridge_slave_0 entered promiscuous mode [ 78.788960][ T7827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.819998][ T7830] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.828173][ T7830] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.844456][ T7830] device bridge_slave_1 entered promiscuous mode [ 78.926166][ T7832] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.973570][ T7832] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.998787][ T7832] device bridge_slave_0 entered promiscuous mode 04:24:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) close(r2) [ 79.035397][ T7827] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.053618][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.060726][ T7832] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.114278][ T7832] device bridge_slave_1 entered promiscuous mode [ 79.121484][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.142585][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.154396][ T7830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.173699][ T7830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.219498][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.242959][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.251877][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.259083][ T7859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.340214][ T7832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.402745][ T7832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.490616][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.500850][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.543536][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.551002][ T7859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.600011][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.634222][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.665022][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.693929][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.732285][ T7832] team0: Port device team_slave_0 added [ 79.757436][ T7827] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 79.774809][ T7864] IPVS: ftp: loaded support on port[0] = 21 [ 79.802009][ T7827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.835074][ T7832] team0: Port device team_slave_1 added [ 79.841834][ T7830] team0: Port device team_slave_0 added [ 79.848771][ T7830] team0: Port device team_slave_1 added [ 79.880901][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.906984][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.918187][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 04:24:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) ioctl$TIOCGWINSZ(r0, 0x80045440, &(0x7f0000000340)) [ 79.928045][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.939429][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.949734][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.961027][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.985044][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.074407][ T7832] device hsr_slave_0 entered promiscuous mode [ 80.112458][ T7832] device hsr_slave_1 entered promiscuous mode [ 80.141951][ T7832] debugfs: Directory 'hsr0' with parent '/' already present! [ 80.233689][ T7830] device hsr_slave_0 entered promiscuous mode [ 80.282721][ T7830] device hsr_slave_1 entered promiscuous mode [ 80.341985][ T7830] debugfs: Directory 'hsr0' with parent '/' already present! [ 80.362123][ T7875] IPVS: ftp: loaded support on port[0] = 21 [ 80.391098][ T7827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.414125][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.421678][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.441112][ T7861] chnl_net:caif_netlink_parms(): no params data found [ 80.795463][ T7861] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.803519][ T7861] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.811374][ T7861] device bridge_slave_0 entered promiscuous mode [ 80.935602][ T7861] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.971938][ T7861] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.981474][ T7861] device bridge_slave_1 entered promiscuous mode [ 81.122252][ T7864] chnl_net:caif_netlink_parms(): no params data found [ 81.289397][ T7861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.333595][ T7930] EXT4-fs (sda1): Remounting file system with no journal so ignoring journalled data option [ 81.345753][ T7861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.404214][ T7930] EXT4-fs (sda1): re-mounted. Opts: data=journal, [ 81.453722][ T7832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.501098][ T7875] chnl_net:caif_netlink_parms(): no params data found [ 81.516878][ T7933] EXT4-fs (sda1): Remounting file system with no journal so ignoring journalled data option [ 81.556850][ T7830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.593348][ T7933] EXT4-fs (sda1): re-mounted. Opts: data=journal, [ 81.647159][ T7832] 8021q: adding VLAN 0 to HW filter on device team0 04:24:54 executing program 0: open(&(0x7f0000000080)='./file0\x00', 0x2442, 0x0) mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1001004, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x106c8ae, &(0x7f00000000c0)={[{@data_journal='data=journal'}]}) [ 81.714428][ T7864] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.735218][ T7864] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.788576][ T7864] device bridge_slave_0 entered promiscuous mode [ 81.838625][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.856161][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.927414][ T7830] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.993553][ T7861] team0: Port device team_slave_0 added [ 82.008559][ T7864] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.031996][ T7864] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.033152][ T7939] EXT4-fs (sda1): Remounting file system with no journal so ignoring journalled data option [ 82.061976][ T7864] device bridge_slave_1 entered promiscuous mode [ 82.114004][ T7939] EXT4-fs (sda1): re-mounted. Opts: data=journal, [ 82.122986][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 82.131477][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 82.217261][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.252624][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.306624][ T7927] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.313772][ T7927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.401525][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 04:24:55 executing program 0: open(&(0x7f0000000080)='./file0\x00', 0x2442, 0x0) mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1001004, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x106c8ae, &(0x7f00000000c0)={[{@data_journal='data=journal'}]}) [ 82.461205][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.532331][ T7927] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.539458][ T7927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.583187][ T7927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 82.712405][ T7861] team0: Port device team_slave_1 added [ 82.734274][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.757863][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 82.835538][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.890741][ T7947] EXT4-fs (sda1): Remounting file system with no journal so ignoring journalled data option [ 82.891252][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.995282][ T7947] EXT4-fs (sda1): re-mounted. Opts: data=journal, [ 83.019908][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 83.069824][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.156626][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 04:24:56 executing program 0: open(&(0x7f0000000080)='./file0\x00', 0x2442, 0x0) mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1001004, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x106c8ae, &(0x7f00000000c0)={[{@data_journal='data=journal'}]}) [ 83.230863][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.272475][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.313536][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.344140][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.351208][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.427231][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.436755][ T7961] EXT4-fs (sda1): Remounting file system with no journal so ignoring journalled data option [ 83.453350][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.476799][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.483947][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.512047][ T7961] EXT4-fs (sda1): re-mounted. Opts: data=journal, [ 83.520328][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 83.529332][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.551806][ T7832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.569702][ T7832] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 83.593569][ T7864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.621379][ T7875] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.629065][ T7875] bridge0: port 1(bridge_slave_0) entered disabled state 04:24:56 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x14, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_SPORT={0x8, 0x9}], @tunl_policy=[@IFLA_IPTUN_LINK={0x8, 0x2, r4}]]}}}]}, 0x40}}, 0x0) [ 83.636831][ T7875] device bridge_slave_0 entered promiscuous mode [ 83.650087][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 83.659632][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 83.689215][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.707267][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.764919][ T7861] device hsr_slave_0 entered promiscuous mode [ 83.812483][ T7861] device hsr_slave_1 entered promiscuous mode [ 83.852015][ T7861] debugfs: Directory 'hsr0' with parent '/' already present! [ 83.863198][ T7864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.875074][ T7875] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.887018][ T7875] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.895183][ T7875] device bridge_slave_1 entered promiscuous mode [ 83.914824][ T7830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 83.925605][ T7830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.937894][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.948313][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.957798][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 83.966582][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.975600][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.984305][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.994122][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.003450][ T7926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.013177][ T7978] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 84.031075][ T7875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.050695][ T7875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.065925][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.077365][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.085718][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.093989][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 04:24:57 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x14, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_SPORT={0x8, 0x9}], @tunl_policy=[@IFLA_IPTUN_LINK={0x8, 0x2, r4}]]}}}]}, 0x40}}, 0x0) [ 84.150327][ T7864] team0: Port device team_slave_0 added [ 84.168099][ T7832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.188457][ T7875] team0: Port device team_slave_0 added [ 84.213493][ T7830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.279723][ T7864] team0: Port device team_slave_1 added [ 84.291606][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.340592][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.375574][ T7875] team0: Port device team_slave_1 added [ 84.474400][ T7875] device hsr_slave_0 entered promiscuous mode [ 84.542326][ T7875] device hsr_slave_1 entered promiscuous mode [ 84.562071][ T7875] debugfs: Directory 'hsr0' with parent '/' already present! [ 84.576978][ T8001] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 84.725455][ T7864] device hsr_slave_0 entered promiscuous mode [ 84.832434][ T7864] device hsr_slave_1 entered promiscuous mode [ 84.872313][ T7864] debugfs: Directory 'hsr0' with parent '/' already present! 04:24:58 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x14, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_SPORT={0x8, 0x9}], @tunl_policy=[@IFLA_IPTUN_LINK={0x8, 0x2, r4}]]}}}]}, 0x40}}, 0x0) [ 85.180331][ T7861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.217433][ T8040] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 85.338182][ T7861] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.424672][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.456497][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.523557][ C0] hrtimer: interrupt took 34689 ns [ 85.601689][ T7875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.685501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.717173][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 04:24:58 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x14, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_SPORT={0x8, 0x9}], @tunl_policy=[@IFLA_IPTUN_LINK={0x8, 0x2, r4}]]}}}]}, 0x40}}, 0x0) [ 85.812618][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.819989][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.992636][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.063550][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.127796][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.135207][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.328172][ T7875] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.402634][ T8076] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 86.474481][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 86.505902][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.623273][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:24:59 executing program 1: socket$alg(0x26, 0x5, 0x0) socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 04:24:59 executing program 2: openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='\xa2\xbd\xbdv!\x9fD\x99\xec\r\xbf\x00', 0x80000, 0x0) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x800, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x4) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000540)=0x2000000000000074, 0x56c) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0xa0000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000c00)=ANY=[@ANYBLOB="b1ba343d4cc39e040a1b6c00000053ffb0c476a3dc954fb2d683006b98205e2dbddc28dd62e89e318b71d7943edaef193dca8fbf1bbb38a99af7d7266fd4b934c40f0446e6159356f50643c8a974605ad5c8ce80a7ef3440ac3b4169d7bd1d8b3e8cc843d08cb6aaddf0778cb0fbcd1d740e9f053ae440828405c56f1ecd6d02d025f426bf810e4ffcedee9ca9e37ba246942a1086e90412dfcbb47d4d2769eb043f38e823621c88775effc936a43c70111a963cf6e4ddc8069e5470bc0a6fbf48b63f01c8e831710135a349e9c1fb882bb1ec040bb4bdfec921e7b2ac3b15f0c894c6b4088bb1921339e6de641d3537be2c625f1fd76eca211f94b07aef187fb2fcf7237a4c8336739a983e44464da5af64b809e84961c5a8e513bef154b2a5704c33c214afb98743258c6ef3fa00dd3be4f5cb6835d99a6046ea9d5a11e77b0df5e688b388b1a11711381f2b3f46a1701d533a6d119d252012988eaea721663eae2d6785dea4f20e0daab47c2be857c661235725c1dd40a463de6bf1ff2b7e87413dc46002feab2c864e38c73ee68ef4ca15d0c18f7407e4d358ed598bfe78abd92198a52314c2c6467282161a82b225b3c022a7911b83c4245a9663145a96849ca7512dd3754dbeb9b72870928e7f7b358ea6b77663a790abb1e01ce5bd840bd6f488b40df8e54c9f4c9f397d76effdc1d5c1cdd6f6c4d1ca091950c12fafbbf0bca2016777631a15e287dc65ea8cf95bc58a6feae0bea122f5422df5043875ffe55fde514806185b5a4759028087e01d5388775bb88b6a76a58ff2eac436ec3d10c83eac64731f6fefb7b1586635311bd87f3d731c1ccc997deb6b878221d93b8799647506bde8d3a26a771cc9843962365969441b416c96a1edb0c3abb0218a1876cbd8e8f88c89d218615472255f9a9fcd0600caf6610ddb4c6d17b17fe43470642bca57021f9113c342ff4c7fec15e315437ca4cfc6dc435fe1056bf0ad2e0bc8bd46ba737ea5e62fb48092093aea6c92d5ff83a00f08a9a83cbea63dc39eaa1c457c7622da3aeb5b0000000000", @ANYRES16, @ANYBLOB="f0c32abd7000fcdbdf250300000014000200080004000800000008000400000000003c000200080004000000000008000400ff03000008000b0002000000080006000600000008000900070000000800080005000020080009000a3500000800050003000000"], 0x3}, 0x1, 0x0, 0x0, 0x20000800}, 0x8b38c1f1781768e9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f0000000000)={0x2, 0xa}, 0xffffffffffffffe9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket(0x1, 0x1, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) getsockopt$inet_mreq(r6, 0x0, 0x20, &(0x7f0000000080)={@local, @multicast2}, &(0x7f00000000c0)=0x8) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) rt_sigaction(0x9, &(0x7f0000000380)={&(0x7f0000000300)="8f0878c31a0f0f3a0f37326666460f38057565c4819562c6c423296adddede441930c403c56c1f0042d9fdd8f466440ffe4703", {0x7}, 0x10000000, &(0x7f0000000340)="c4a1f85c8ba5000000f3400f2b6f54470f0d62fdc421f96e0740decb672640087892c4c1725a2847dcf0c4e3356f5ce30019c421fbe6f5"}, 0x0, 0x8, &(0x7f0000000440)) sendto$inet(r1, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r1, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) [ 86.732491][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.746460][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.902837][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.972526][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.025086][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 87.103450][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.179643][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 87.259806][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.336509][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 87.416393][ T7862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 87.503743][ T7861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 87.608428][ T7864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.715829][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 87.755922][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.843602][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.909038][ T7867] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.916354][ T7867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.038411][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.132474][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.141090][ T7867] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.148360][ T7867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.263933][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.332480][ T7861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.346522][ T7864] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.402251][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 88.410305][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 88.482211][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 88.489777][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.598901][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.642626][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.693173][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.753191][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.816926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.856117][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.916677][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 88.982791][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.034000][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.083248][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.139478][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 89.150729][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.160508][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.202510][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.211643][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.219893][ T7859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.280818][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.293738][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.347138][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.355635][ T7859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.365298][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.382773][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 89.390466][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 89.405801][ T7875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.425595][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.437885][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.449548][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.462099][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.478812][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.488798][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.501039][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.511205][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.525048][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.538014][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.552370][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.568543][ T7864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:25:02 executing program 3: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt(r0, 0x10c, 0x0, 0x0, 0x0) [ 89.597380][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 89.605574][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 89.618425][ T7864] 8021q: adding VLAN 0 to HW filter on device batadv0 04:25:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) close(r2) 04:25:03 executing program 0: socket$alg(0x26, 0x5, 0x0) socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 04:25:03 executing program 2: openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='\xa2\xbd\xbdv!\x9fD\x99\xec\r\xbf\x00', 0x80000, 0x0) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x800, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x4) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000540)=0x2000000000000074, 0x56c) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0xa0000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000c00)=ANY=[@ANYBLOB="b1ba343d4cc39e040a1b6c00000053ffb0c476a3dc954fb2d683006b98205e2dbddc28dd62e89e318b71d7943edaef193dca8fbf1bbb38a99af7d7266fd4b934c40f0446e6159356f50643c8a974605ad5c8ce80a7ef3440ac3b4169d7bd1d8b3e8cc843d08cb6aaddf0778cb0fbcd1d740e9f053ae440828405c56f1ecd6d02d025f426bf810e4ffcedee9ca9e37ba246942a1086e90412dfcbb47d4d2769eb043f38e823621c88775effc936a43c70111a963cf6e4ddc8069e5470bc0a6fbf48b63f01c8e831710135a349e9c1fb882bb1ec040bb4bdfec921e7b2ac3b15f0c894c6b4088bb1921339e6de641d3537be2c625f1fd76eca211f94b07aef187fb2fcf7237a4c8336739a983e44464da5af64b809e84961c5a8e513bef154b2a5704c33c214afb98743258c6ef3fa00dd3be4f5cb6835d99a6046ea9d5a11e77b0df5e688b388b1a11711381f2b3f46a1701d533a6d119d252012988eaea721663eae2d6785dea4f20e0daab47c2be857c661235725c1dd40a463de6bf1ff2b7e87413dc46002feab2c864e38c73ee68ef4ca15d0c18f7407e4d358ed598bfe78abd92198a52314c2c6467282161a82b225b3c022a7911b83c4245a9663145a96849ca7512dd3754dbeb9b72870928e7f7b358ea6b77663a790abb1e01ce5bd840bd6f488b40df8e54c9f4c9f397d76effdc1d5c1cdd6f6c4d1ca091950c12fafbbf0bca2016777631a15e287dc65ea8cf95bc58a6feae0bea122f5422df5043875ffe55fde514806185b5a4759028087e01d5388775bb88b6a76a58ff2eac436ec3d10c83eac64731f6fefb7b1586635311bd87f3d731c1ccc997deb6b878221d93b8799647506bde8d3a26a771cc9843962365969441b416c96a1edb0c3abb0218a1876cbd8e8f88c89d218615472255f9a9fcd0600caf6610ddb4c6d17b17fe43470642bca57021f9113c342ff4c7fec15e315437ca4cfc6dc435fe1056bf0ad2e0bc8bd46ba737ea5e62fb48092093aea6c92d5ff83a00f08a9a83cbea63dc39eaa1c457c7622da3aeb5b0000000000", @ANYRES16, @ANYBLOB="f0c32abd7000fcdbdf250300000014000200080004000800000008000400000000003c000200080004000000000008000400ff03000008000b0002000000080006000600000008000900070000000800080005000020080009000a3500000800050003000000"], 0x3}, 0x1, 0x0, 0x0, 0x20000800}, 0x8b38c1f1781768e9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f0000000000)={0x2, 0xa}, 0xffffffffffffffe9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket(0x1, 0x1, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) getsockopt$inet_mreq(r6, 0x0, 0x20, &(0x7f0000000080)={@local, @multicast2}, &(0x7f00000000c0)=0x8) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) rt_sigaction(0x9, &(0x7f0000000380)={&(0x7f0000000300)="8f0878c31a0f0f3a0f37326666460f38057565c4819562c6c423296adddede441930c403c56c1f0042d9fdd8f466440ffe4703", {0x7}, 0x10000000, &(0x7f0000000340)="c4a1f85c8ba5000000f3400f2b6f54470f0d62fdc421f96e0740decb672640087892c4c1725a2847dcf0c4e3356f5ce30019c421fbe6f5"}, 0x0, 0x8, &(0x7f0000000440)) sendto$inet(r1, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r1, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) 04:25:03 executing program 3: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt(r0, 0x10c, 0x0, 0x0, 0x0) 04:25:03 executing program 1: socket$alg(0x26, 0x5, 0x0) socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 04:25:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) ioctl$TIOCGWINSZ(r0, 0x80045440, &(0x7f0000000340)) [ 89.865567][ T8145] ================================================================== [ 89.874860][ T8145] BUG: KCSAN: data-race in __rb_erase_color / vm_area_dup [ 89.882133][ T8145] [ 89.884783][ T8145] read to 0xffff888123e9d000 of 200 bytes by task 8146 on cpu 0: [ 89.892687][ T8145] vm_area_dup+0x70/0xf0 [ 89.896952][ T8145] __split_vma+0x88/0x350 [ 89.901432][ T8145] split_vma+0x73/0xa0 [ 89.905536][ T8145] mprotect_fixup+0x43f/0x510 [ 89.910319][ T8145] do_mprotect_pkey+0x3eb/0x660 [ 89.915190][ T8145] __x64_sys_mprotect+0x51/0x70 [ 89.920065][ T8145] do_syscall_64+0xcc/0x370 [ 89.924703][ T8145] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 89.930590][ T8145] [ 89.932920][ T8145] write to 0xffff888123e9d058 of 8 bytes by task 8145 on cpu 1: [ 89.940570][ T8145] __rb_erase_color+0x66e/0x700 [ 89.945664][ T8145] vma_interval_tree_remove+0x4e8/0x8a0 [ 89.951262][ T8145] __vma_adjust+0x278/0x12a0 [ 89.956014][ T8145] __split_vma+0x208/0x350 [ 89.960455][ T8145] split_vma+0x73/0xa0 [ 89.964539][ T8145] mprotect_fixup+0x43f/0x510 [ 89.969465][ T8145] do_mprotect_pkey+0x3eb/0x660 [ 89.974574][ T8145] __x64_sys_mprotect+0x51/0x70 [ 89.979593][ T8145] do_syscall_64+0xcc/0x370 [ 89.984382][ T8145] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 89.990285][ T8145] [ 89.992623][ T8145] Reported by Kernel Concurrency Sanitizer on: [ 89.998916][ T8145] CPU: 1 PID: 8145 Comm: blkid Not tainted 5.4.0-syzkaller #0 [ 90.006385][ T8145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 90.016447][ T8145] ================================================================== [ 90.024737][ T8145] Kernel panic - not syncing: panic_on_warn set ... [ 90.031352][ T8145] CPU: 1 PID: 8145 Comm: blkid Not tainted 5.4.0-syzkaller #0 [ 90.038803][ T8145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 90.049178][ T8145] Call Trace: [ 90.052493][ T8145] dump_stack+0x11d/0x181 [ 90.056833][ T8145] panic+0x210/0x640 [ 90.060898][ T8145] ? vprintk_func+0x8d/0x140 [ 90.065512][ T8145] kcsan_report.cold+0xc/0xd [ 90.070126][ T8145] kcsan_setup_watchpoint+0x3fe/0x460 [ 90.075522][ T8145] __tsan_unaligned_write8+0xc4/0x100 [ 90.080939][ T8145] __rb_erase_color+0x66e/0x700 [ 90.085907][ T8145] ? __anon_vma_interval_tree_subtree_search+0x160/0x160 [ 90.092972][ T8145] vma_interval_tree_remove+0x4e8/0x8a0 [ 90.098744][ T8145] ? vma_interval_tree_insert+0x19b/0x230 [ 90.104482][ T8145] __vma_adjust+0x278/0x12a0 [ 90.109110][ T8145] __split_vma+0x208/0x350 [ 90.113534][ T8145] split_vma+0x73/0xa0 [ 90.117625][ T8145] mprotect_fixup+0x43f/0x510 [ 90.122327][ T8145] do_mprotect_pkey+0x3eb/0x660 [ 90.127192][ T8145] __x64_sys_mprotect+0x51/0x70 [ 90.132066][ T8145] do_syscall_64+0xcc/0x370 [ 90.137660][ T8145] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 90.143563][ T8145] RIP: 0033:0x7f6d22113447 [ 90.148243][ T8145] Code: 73 01 c3 48 8d 0d 5d ad 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 90 90 90 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 2d ad 20 00 31 d2 48 29 c2 89 [ 90.168542][ T8145] RSP: 002b:00007ffd8d2439c8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 90.177833][ T8145] RAX: ffffffffffffffda RBX: 00007f6d2231b4c8 RCX: 00007f6d22113447 [ 90.186119][ T8145] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 00007f6d220f9000 [ 90.195215][ T8145] RBP: 00007ffd8d243ac0 R08: 0000000000000001 R09: 0000000000000039 [ 90.203420][ T8145] R10: 00007f6d21edc4c0 R11: 0000000000000206 R12: 00007f6d21ed6000 [ 90.211567][ T8145] R13: 00007f6d220fc4b0 R14: 00007f6d21edc4c0 R15: 00007f6d220fbfd0 [ 90.222668][ T8145] Kernel Offset: disabled [ 90.227700][ T8145] Rebooting in 86400 seconds..