[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 62.427224][ T26] audit: type=1800 audit(1562671080.281:25): pid=9041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 62.466373][ T26] audit: type=1800 audit(1562671080.281:26): pid=9041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 62.503210][ T26] audit: type=1800 audit(1562671080.281:27): pid=9041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts. 2019/07/09 11:18:10 fuzzer started 2019/07/09 11:18:14 dialing manager at 10.128.0.26:37959 2019/07/09 11:18:14 syscalls: 2465 2019/07/09 11:18:14 code coverage: enabled 2019/07/09 11:18:14 comparison tracing: enabled 2019/07/09 11:18:14 extra coverage: extra coverage is not supported by the kernel 2019/07/09 11:18:14 setuid sandbox: enabled 2019/07/09 11:18:14 namespace sandbox: enabled 2019/07/09 11:18:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/09 11:18:14 fault injection: enabled 2019/07/09 11:18:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/09 11:18:14 net packet injection: enabled 2019/07/09 11:18:14 net device setup: enabled 11:19:39 executing program 0: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x0, 0x4, 0x0, 0x200, 0x0, 0x4, 0x10, 0x6, 0xf2da, 0x7, 0x9, 0x6ad08932, 0x318c340d, 0x10000, 0x1000, 0x0, 0x0, 0x0, 0x76, 0x8, 0x0, 0x3, 0x0, 0x8000, 0x5, 0x5, 0x1, 0x3, 0x2, 0x3f, 0x8000, 0x7, 0x1, 0x0, 0x1, 0x5, 0x0, 0x0, 0x4, @perf_config_ext={0xff, 0x9}, 0x0, 0xffffffffffffff23, 0x7, 0x2, 0x8, 0x0, 0x80}, 0x0, 0xa, 0xffffffffffffffff, 0x2) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) seccomp(0x1, 0x0, &(0x7f0000001980)={0x2, &(0x7f0000000000)=[{0xb1}, {0x1c1}]}) syzkaller login: [ 162.041458][ T9206] IPVS: ftp: loaded support on port[0] = 21 11:19:40 executing program 1: fanotify_init(0x200, 0x0) [ 162.209308][ T9206] chnl_net:caif_netlink_parms(): no params data found [ 162.289651][ T9206] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.298765][ T9206] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.307453][ T9206] device bridge_slave_0 entered promiscuous mode [ 162.318078][ T9206] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.331598][ T9206] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.340190][ T9206] device bridge_slave_1 entered promiscuous mode [ 162.369336][ T9206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 11:19:40 executing program 2: setuid(0xee01) shmget(0x2, 0x3000, 0x489, &(0x7f0000ffd000/0x3000)=nil) [ 162.386396][ T9209] IPVS: ftp: loaded support on port[0] = 21 [ 162.395692][ T9206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.471132][ T9206] team0: Port device team_slave_0 added [ 162.485368][ T9206] team0: Port device team_slave_1 added [ 162.577420][ T9206] device hsr_slave_0 entered promiscuous mode 11:19:40 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000540)={0x5, 0x1ff, 0x1, 0x3f}, 0x3c) [ 162.684884][ T9206] device hsr_slave_1 entered promiscuous mode [ 162.820384][ T9211] IPVS: ftp: loaded support on port[0] = 21 [ 162.866137][ T9206] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.873438][ T9206] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.881484][ T9206] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.888627][ T9206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.904032][ T9213] IPVS: ftp: loaded support on port[0] = 21 11:19:40 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000540)={0x5, 0x1ff, 0x1, 0x3f, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x3c) [ 162.940298][ T9209] chnl_net:caif_netlink_parms(): no params data found [ 163.140865][ T9209] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.149849][ T9209] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.161077][ T9209] device bridge_slave_0 entered promiscuous mode [ 163.208044][ T9209] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.218458][ T9209] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.228292][ T9209] device bridge_slave_1 entered promiscuous mode [ 163.246482][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.257992][ T12] bridge0: port 2(bridge_slave_1) entered disabled state 11:19:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) [ 163.326345][ T9206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.345549][ T9217] IPVS: ftp: loaded support on port[0] = 21 [ 163.397228][ T9209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.469925][ T9209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.514012][ T9209] team0: Port device team_slave_0 added [ 163.519899][ T9211] chnl_net:caif_netlink_parms(): no params data found [ 163.547219][ T9213] chnl_net:caif_netlink_parms(): no params data found [ 163.557666][ T9222] IPVS: ftp: loaded support on port[0] = 21 [ 163.573134][ T9209] team0: Port device team_slave_1 added [ 163.652641][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 163.660978][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 163.716675][ T9209] device hsr_slave_0 entered promiscuous mode [ 163.774350][ T9209] device hsr_slave_1 entered promiscuous mode [ 163.813253][ T9209] debugfs: File 'hsr0' already present! [ 163.825483][ T9211] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.832580][ T9211] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.840375][ T9211] device bridge_slave_0 entered promiscuous mode [ 163.850429][ T9211] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.857642][ T9211] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.865726][ T9211] device bridge_slave_1 entered promiscuous mode [ 163.879838][ T9206] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.912663][ T9213] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.920386][ T9213] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.928218][ T9213] device bridge_slave_0 entered promiscuous mode [ 163.938568][ T9213] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.945847][ T9213] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.956619][ T9213] device bridge_slave_1 entered promiscuous mode [ 163.989222][ T9211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.016524][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.025529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.034144][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.041221][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.058143][ T9213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.070327][ T9211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.090374][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.099040][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.108235][ T3005] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.115351][ T3005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.130682][ T9213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.179319][ T9211] team0: Port device team_slave_0 added [ 164.199863][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 164.209208][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 164.250359][ T9211] team0: Port device team_slave_1 added [ 164.276887][ T9213] team0: Port device team_slave_0 added [ 164.285531][ T9213] team0: Port device team_slave_1 added [ 164.296506][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.305364][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.314046][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 164.376635][ T9211] device hsr_slave_0 entered promiscuous mode [ 164.423262][ T9211] device hsr_slave_1 entered promiscuous mode [ 164.503239][ T9211] debugfs: File 'hsr0' already present! [ 164.516894][ T9217] chnl_net:caif_netlink_parms(): no params data found [ 164.547530][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.556761][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.636361][ T9213] device hsr_slave_0 entered promiscuous mode [ 164.673824][ T9213] device hsr_slave_1 entered promiscuous mode [ 164.713050][ T9213] debugfs: File 'hsr0' already present! [ 164.758903][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 164.767850][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 164.788839][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 164.797510][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 164.836017][ T9206] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 164.851670][ T9217] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.859497][ T9217] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.867405][ T9217] device bridge_slave_0 entered promiscuous mode [ 164.878487][ T9217] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.889002][ T9217] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.897222][ T9217] device bridge_slave_1 entered promiscuous mode [ 164.907048][ T9222] chnl_net:caif_netlink_parms(): no params data found [ 164.927950][ T9209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.972604][ T9217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.010844][ T9206] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.020524][ T9217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.086628][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.094855][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.107546][ T9211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.115702][ T9222] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.122768][ T9222] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.131264][ T9222] device bridge_slave_0 entered promiscuous mode [ 165.142176][ T9217] team0: Port device team_slave_0 added [ 165.160973][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.176107][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.188405][ T9209] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.198540][ T9222] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.206405][ T9222] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.215033][ T9222] device bridge_slave_1 entered promiscuous mode [ 165.228045][ T9211] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.237096][ T9217] team0: Port device team_slave_1 added [ 165.308920][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.319557][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.329219][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.336372][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.345399][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.354477][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.363504][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.370582][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.378391][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.387630][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.396677][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.403813][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.412013][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 165.420252][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 165.438809][ T9213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.464342][ T9222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.486290][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 11:19:43 executing program 0: [ 165.507665][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.524223][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.531344][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.562262][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 165.577678][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 165.596019][ T9222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 11:19:43 executing program 0: 11:19:43 executing program 0: syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@fat=@fmask={'fmask'}}]}) [ 165.656153][ T9217] device hsr_slave_0 entered promiscuous mode [ 165.693523][ T9217] device hsr_slave_1 entered promiscuous mode [ 165.735794][ T9243] FAT-fs (loop0): bogus number of reserved sectors [ 165.742642][ T9243] FAT-fs (loop0): Can't find a valid FAT filesystem [ 165.753084][ T9217] debugfs: File 'hsr0' already present! [ 165.768934][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 165.778266][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 165.787871][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 165.798848][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 165.840911][ T9243] FAT-fs (loop0): bogus number of reserved sectors [ 165.851523][ T9243] FAT-fs (loop0): Can't find a valid FAT filesystem [ 165.903186][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 165.911477][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 165.925508][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 165.934475][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 11:19:43 executing program 0: [ 165.953706][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 165.962402][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 165.972118][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 165.980509][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 165.989438][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 165.998177][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.006487][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.020752][ T9209] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 166.033709][ T9209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.046449][ T9222] team0: Port device team_slave_0 added [ 166.057188][ T9211] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 166.076821][ T9211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.097939][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 11:19:43 executing program 0: [ 166.114060][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.122573][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.136813][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.145095][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.153100][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.161637][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.173627][ T9213] 8021q: adding VLAN 0 to HW filter on device team0 11:19:44 executing program 0: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) [ 166.215209][ T9222] team0: Port device team_slave_1 added [ 166.271688][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.292074][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.303494][ T9224] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.310667][ T9224] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.319074][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.329449][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.357413][ T9224] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.364566][ T9224] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.372369][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.382472][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.394530][ T9209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.416390][ T9211] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.433759][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.441859][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.451405][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.461489][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.471962][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.480793][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.492285][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.501149][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.510613][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.541302][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.558979][ T9213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 11:19:44 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000101000)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @ipv4, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}}}}}}}}, 0x0) [ 166.616278][ T9222] device hsr_slave_0 entered promiscuous mode [ 166.674986][ T9222] device hsr_slave_1 entered promiscuous mode [ 166.703078][ T9222] debugfs: File 'hsr0' already present! [ 166.794623][ T9213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.883606][ T9217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.972293][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.984503][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:19:44 executing program 1: 11:19:44 executing program 2: openat(0xffffffffffffffff, 0x0, 0x200000, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffdb1) sched_setaffinity(0x0, 0xfffffffffffffd32, 0x0) msgget(0xffffffffffffffff, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xffd8) mlockall(0x7) semget(0xffffffffffffffff, 0x0, 0x0) munlockall() [ 167.013728][ T9217] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.085814][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.102102][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.154424][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.161528][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.208898][ T9222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.236494][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.251219][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 11:19:45 executing program 3: [ 167.280040][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.295652][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.302772][ T9249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.342291][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.356016][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.372487][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.381104][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.395897][ T9222] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.404539][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.415486][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.448799][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.456882][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.465789][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.474460][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.482716][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.491161][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.499918][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.508410][ T9249] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.515537][ T9249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.524052][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.532377][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.540761][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.549372][ T9249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.557961][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.565104][ T9249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.576035][ T9217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.587284][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.595739][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.619606][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.629661][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.639588][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.650573][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.665742][ T9217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.683803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.692573][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.711678][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.720911][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.738524][ T9222] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.750416][ T9222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.759313][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.776316][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.818911][ T9222] 8021q: adding VLAN 0 to HW filter on device batadv0 11:19:45 executing program 4: getrusage(0x1, &(0x7f00000051c0)) [ 168.344014][ C0] hrtimer: interrupt took 56940 ns 11:19:46 executing program 5: semop(0x0, &(0x7f0000000100), 0x2d) semtimedop(0x0, &(0x7f0000000140)=[{0x0, 0x0, 0x1000}], 0x1, 0x0) 11:19:46 executing program 0: 11:19:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x5, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x161, 0x11, 0x58}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 11:19:46 executing program 2: sched_setaffinity(0x0, 0xfffffffffffffd32, 0x0) 11:19:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x10000000002) 11:19:46 executing program 4: socket(0x0, 0x10000080008000a, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000340)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000000080)='./file1\x00', 0x81fe, 0x0) syz_open_dev$vcsa(&(0x7f00000005c0)='/dev/vcsa#\x00', 0x10000, 0x0) pipe(&(0x7f0000000100)) select(0x40, &(0x7f0000000200), &(0x7f0000000300)={0xe1}, 0x0, 0x0) 11:19:46 executing program 0: 11:19:46 executing program 2: 11:19:46 executing program 5: 11:19:46 executing program 1: 11:19:46 executing program 4: 11:19:46 executing program 0: 11:19:46 executing program 5: 11:19:46 executing program 2: 11:19:47 executing program 1: 11:19:47 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x1910824, 0x0) 11:19:47 executing program 3: syz_genetlink_get_family_id$tipc(0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000000)=[{}]}) 11:19:47 executing program 0: socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x1910824, 0x0) 11:19:47 executing program 5: syz_genetlink_get_family_id$tipc(0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000000)=[{0x5}]}) 11:19:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="b6cbc91efb0a50ec7be070") r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x101401, 0x0) ioctl$TIOCSTI(r1, 0x5412, 0x3) clock_nanosleep(0x23, 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000180)) bpf$MAP_CREATE(0x0, 0x0, 0xbb740041b03b7ac) io_setup(0x3, &(0x7f00000000c0)=0x0) io_getevents(r2, 0x0, 0x0, 0x0, &(0x7f0000000680)) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) 11:19:47 executing program 2: r0 = fsopen(&(0x7f00000003c0)='proc\x00', 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='/dev/mixer\x00', 0x0, r1) dup3(r1, r0, 0x0) keyctl$join(0x1, &(0x7f0000000080)={'syz'}) r2 = getpid() r3 = getpgid(0x0) tgkill(r2, r3, 0x2a) [ 169.430113][ T9211] ------------[ cut here ]------------ [ 169.435977][ T9211] kernel BUG at lib/lockref.c:189! [ 169.441221][ T9211] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 169.447303][ T9211] CPU: 1 PID: 9211 Comm: syz-executor.2 Not tainted 5.2.0-next-20190708 #33 [ 169.455982][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.466068][ T9211] RIP: 0010:lockref_mark_dead+0x8b/0xa0 [ 169.471627][ T9211] Code: 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 04 3c 03 7e 1d c7 43 38 80 ff ff ff 5b 41 5c 5d c3 e8 75 19 38 fe <0f> 0b 48 89 df e8 0b 59 72 fe eb ab e8 a4 59 72 fe eb dc 90 90 55 [ 169.491349][ T9211] RSP: 0018:ffff888087a1fc90 EFLAGS: 00010293 [ 169.497428][ T9211] RAX: ffff88809572a280 RBX: ffff888094d56080 RCX: ffffffff833a3abf [ 169.505410][ T9211] RDX: 0000000000000000 RSI: ffffffff833a3afb RDI: 0000000000000005 [ 169.513409][ T9211] RBP: ffff888087a1fca0 R08: ffff88809572a280 R09: ffffed10129aac11 [ 169.521394][ T9211] R10: ffffed10129aac10 R11: ffff888094d56083 R12: 0000000000000000 [ 169.529394][ T9211] R13: ffff888094d56080 R14: ffff888094d56000 R15: 0000000000000000 [ 169.537411][ T9211] FS: 00005555557fd940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 169.546355][ T9211] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.552950][ T9211] CR2: 0000555555806978 CR3: 0000000094810000 CR4: 00000000001406e0 [ 169.560932][ T9211] Call Trace: [ 169.564244][ T9211] __dentry_kill+0x5f/0x600 [ 169.568761][ T9211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 169.575012][ T9211] shrink_dcache_parent+0x2c9/0x3d0 [ 169.580226][ T9211] ? shrink_dcache_sb+0x270/0x270 [ 169.585252][ T9211] ? __kasan_check_read+0x11/0x20 [ 169.590277][ T9211] ? do_raw_spin_unlock+0x57/0x270 [ 169.595390][ T9211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 169.601658][ T9211] vfs_rmdir+0x26f/0x4f0 [ 169.605922][ T9211] ? security_path_rmdir+0x110/0x160 [ 169.611221][ T9211] do_rmdir+0x39e/0x420 [ 169.615409][ T9211] ? __ia32_sys_mkdir+0x80/0x80 [ 169.620260][ T9211] ? blkcg_exit_queue+0x30/0x30 [ 169.625118][ T9211] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 169.630588][ T9211] ? do_syscall_64+0x26/0x6a0 [ 169.635273][ T9211] ? lockdep_hardirqs_on+0x418/0x5d0 [ 169.640569][ T9211] __x64_sys_rmdir+0x36/0x40 [ 169.645171][ T9211] do_syscall_64+0xfd/0x6a0 [ 169.649691][ T9211] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.655584][ T9211] RIP: 0033:0x459537 [ 169.659489][ T9211] Code: 00 66 90 b8 57 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.679108][ T9211] RSP: 002b:00007ffc1aafcac8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 169.687534][ T9211] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 0000000000459537 [ 169.695518][ T9211] RDX: 0000000000000000 RSI: 0000000000714698 RDI: 00007ffc1aafdc00 [ 169.703497][ T9211] RBP: 000000000000000a R08: 0000000000000000 R09: 0000000000000001 [ 169.711485][ T9211] R10: 0000000000000006 R11: 0000000000000207 R12: 00007ffc1aafdc00 [ 169.719495][ T9211] R13: 00005555557fe940 R14: 0000000000000000 R15: 00007ffc1aafdc00 [ 169.727483][ T9211] Modules linked in: [ 169.732756][ T9211] ---[ end trace 849452d74d0c16a0 ]--- [ 169.738282][ T9211] RIP: 0010:lockref_mark_dead+0x8b/0xa0 [ 169.743859][ T9211] Code: 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 04 3c 03 7e 1d c7 43 38 80 ff ff ff 5b 41 5c 5d c3 e8 75 19 38 fe <0f> 0b 48 89 df e8 0b 59 72 fe eb ab e8 a4 59 72 fe eb dc 90 90 55 [ 169.763511][ T9211] RSP: 0018:ffff888087a1fc90 EFLAGS: 00010293 [ 169.769585][ T9211] RAX: ffff88809572a280 RBX: ffff888094d56080 RCX: ffffffff833a3abf [ 169.777606][ T9211] RDX: 0000000000000000 RSI: ffffffff833a3afb RDI: 0000000000000005 [ 169.785626][ T9211] RBP: ffff888087a1fca0 R08: ffff88809572a280 R09: ffffed10129aac11 [ 169.793643][ T9211] R10: ffffed10129aac10 R11: ffff888094d56083 R12: 0000000000000000 [ 169.801621][ T9211] R13: ffff888094d56080 R14: ffff888094d56000 R15: 0000000000000000 [ 169.809667][ T9211] FS: 00005555557fd940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 169.818651][ T9211] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.825287][ T9211] CR2: 0000555555806978 CR3: 0000000094810000 CR4: 00000000001406e0 [ 169.833312][ T9211] Kernel panic - not syncing: Fatal exception [ 169.840430][ T9211] Kernel Offset: disabled [ 169.844965][ T9211] Rebooting in 86400 seconds..