[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 60.047889][ T23] audit: type=1800 audit(1572273601.974:25): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 60.071902][ T23] audit: type=1800 audit(1572273601.974:26): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 60.135166][ T23] audit: type=1800 audit(1572273601.974:27): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts. 2019/10/28 14:40:11 fuzzer started 2019/10/28 14:40:13 dialing manager at 10.128.0.26:33299 2019/10/28 14:40:13 syscalls: 2534 2019/10/28 14:40:13 code coverage: enabled 2019/10/28 14:40:13 comparison tracing: enabled 2019/10/28 14:40:13 extra coverage: extra coverage is not supported by the kernel 2019/10/28 14:40:13 setuid sandbox: enabled 2019/10/28 14:40:13 namespace sandbox: enabled 2019/10/28 14:40:13 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/28 14:40:13 fault injection: enabled 2019/10/28 14:40:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/28 14:40:13 net packet injection: enabled 2019/10/28 14:40:13 net device setup: enabled 2019/10/28 14:40:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 14:41:45 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={r0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe35}, 0x20) 14:41:45 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) syzkaller login: [ 163.586275][ T8995] IPVS: ftp: loaded support on port[0] = 21 [ 163.735702][ T8997] IPVS: ftp: loaded support on port[0] = 21 14:41:45 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) sendmmsg$inet(r0, &(0x7f0000002540)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)='2', 0x1}], 0x1}}, {{&(0x7f0000000640)={0x2, 0x0, @empty=0xc6120000}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000680)='w', 0x1}], 0x1}}], 0x2, 0x0) [ 163.819600][ T8995] chnl_net:caif_netlink_parms(): no params data found [ 163.928678][ T8995] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.937686][ T8995] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.947456][ T8995] device bridge_slave_0 entered promiscuous mode [ 163.976122][ T8995] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.985178][ T8995] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.993711][ T8995] device bridge_slave_1 entered promiscuous mode [ 164.008111][ T8997] chnl_net:caif_netlink_parms(): no params data found [ 164.040150][ T8995] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.071892][ T8995] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.093017][ T9001] IPVS: ftp: loaded support on port[0] = 21 [ 164.120804][ T8995] team0: Port device team_slave_0 added [ 164.136390][ T8995] team0: Port device team_slave_1 added [ 164.157006][ T8997] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.171902][ T8997] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.179649][ T8997] device bridge_slave_0 entered promiscuous mode 14:41:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) r2 = dup(r0) bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x2f0, 0x20000008, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000400)='./file0\x00', 0x141042, 0xc0) timer_settime(0x0, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0x1fe, 0x4) ftruncate(r3, 0x80003) socket$nl_route(0x10, 0x3, 0x0) getresgid(&(0x7f0000000180), 0x0, 0x0) r4 = socket$inet6(0xa, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f00000001c0), 0xfffffef3) setsockopt$inet6_udp_int(r5, 0x11, 0x1, 0x0, 0xfcab) r6 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) fchmod(r6, 0x14a) truncate(0x0, 0x0) getgroups(0x0, 0x0) ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) dup(r4) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8000fffffffe) recvmmsg(r1, &(0x7f0000000f00)=[{{&(0x7f0000000fc0)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/38, 0x26}, {&(0x7f0000000200)=""/230, 0xe6}, {&(0x7f0000000300)=""/251, 0xfb}, {&(0x7f00000008c0)=""/174, 0xae}], 0x4, &(0x7f0000000440)=""/226, 0xe2}, 0x2}, {{&(0x7f0000000540)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/193, 0xc1}], 0x2, &(0x7f0000000080)=""/47, 0x2f}, 0x10000}, {{&(0x7f0000000800)=@can, 0x80, &(0x7f0000000dc0), 0x0, &(0x7f0000000e40)=""/185, 0xb9}, 0x8}], 0x3, 0x20012040, 0x0) [ 164.214554][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.221639][ T8997] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.252930][ T8997] device bridge_slave_1 entered promiscuous mode [ 164.307119][ T8995] device hsr_slave_0 entered promiscuous mode [ 164.364284][ T8995] device hsr_slave_1 entered promiscuous mode 14:41:46 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000100)={0x19980330}, &(0x7f00000001c0)) pipe2(&(0x7f0000000000), 0x0) socket$rds(0x15, 0x5, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0xa4, &(0x7f0000000080)) [ 164.427694][ T8997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.467340][ T9003] IPVS: ftp: loaded support on port[0] = 21 [ 164.475773][ T8997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.596551][ T8997] team0: Port device team_slave_0 added [ 164.665259][ T8997] team0: Port device team_slave_1 added [ 164.708878][ T9006] IPVS: ftp: loaded support on port[0] = 21 [ 164.740585][ T9001] chnl_net:caif_netlink_parms(): no params data found 14:41:46 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000640)) socket$kcm(0x29, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x29, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)) socket$kcm(0x29, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000680)) socket$kcm(0x29, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0)) r0 = socket$kcm(0x29, 0x5, 0x0) socket$kcm(0xa, 0x5, 0x0) socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)={r1}) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0xde, &(0x7f00000000c0), 0x10000000000000a0}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f00000001c0)='veth0\x00') [ 164.824228][ T8997] device hsr_slave_0 entered promiscuous mode [ 164.863204][ T8997] device hsr_slave_1 entered promiscuous mode [ 164.902396][ T8997] debugfs: Directory 'hsr0' with parent '/' already present! [ 164.943991][ T9008] IPVS: ftp: loaded support on port[0] = 21 [ 165.011695][ T9001] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.018976][ T9001] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.026786][ T9001] device bridge_slave_0 entered promiscuous mode [ 165.036481][ T9001] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.044432][ T9001] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.052419][ T9001] device bridge_slave_1 entered promiscuous mode [ 165.129043][ T9001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.143329][ T9001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.188941][ T9001] team0: Port device team_slave_0 added [ 165.211307][ T9001] team0: Port device team_slave_1 added [ 165.217416][ T9003] chnl_net:caif_netlink_parms(): no params data found [ 165.294308][ T9001] device hsr_slave_0 entered promiscuous mode [ 165.332307][ T9001] device hsr_slave_1 entered promiscuous mode [ 165.382010][ T9001] debugfs: Directory 'hsr0' with parent '/' already present! [ 165.417988][ T8995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.460102][ T9006] chnl_net:caif_netlink_parms(): no params data found [ 165.501289][ T9003] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.509126][ T9003] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.516956][ T9003] device bridge_slave_0 entered promiscuous mode [ 165.529785][ T9003] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.536969][ T9003] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.544978][ T9003] device bridge_slave_1 entered promiscuous mode [ 165.578863][ T9008] chnl_net:caif_netlink_parms(): no params data found [ 165.606333][ T9001] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.614437][ T9001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.622356][ T9001] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.629434][ T9001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.646495][ T9011] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.654905][ T9011] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.665819][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.674516][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.695402][ T8995] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.711598][ T9003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.727778][ T9003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.751591][ T9006] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.759059][ T9006] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.768392][ T9006] device bridge_slave_0 entered promiscuous mode [ 165.781043][ T9006] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.788592][ T9006] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.796617][ T9006] device bridge_slave_1 entered promiscuous mode [ 165.804934][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.814049][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.822735][ T9009] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.829763][ T9009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.837799][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.846563][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.856610][ T9009] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.863807][ T9009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.871638][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 165.899251][ T9003] team0: Port device team_slave_0 added [ 165.925785][ T9006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.937881][ T9003] team0: Port device team_slave_1 added [ 165.961318][ T9008] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.968766][ T9008] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.976793][ T9008] device bridge_slave_0 entered promiscuous mode [ 165.987477][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 165.999852][ T9006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.016556][ T8997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.030851][ T9008] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.038323][ T9008] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.047469][ T9008] device bridge_slave_1 entered promiscuous mode [ 166.077568][ T9008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.125183][ T9003] device hsr_slave_0 entered promiscuous mode [ 166.165483][ T9003] device hsr_slave_1 entered promiscuous mode [ 166.232006][ T9003] debugfs: Directory 'hsr0' with parent '/' already present! [ 166.259134][ T9008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.293994][ T9008] team0: Port device team_slave_0 added [ 166.304608][ T9006] team0: Port device team_slave_0 added [ 166.311677][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.320877][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.328957][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.336797][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.346266][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.355404][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.375190][ T9008] team0: Port device team_slave_1 added [ 166.387738][ T9006] team0: Port device team_slave_1 added [ 166.395831][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.406701][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.415210][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.423962][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.437437][ T8997] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.493874][ T9008] device hsr_slave_0 entered promiscuous mode [ 166.542302][ T9008] device hsr_slave_1 entered promiscuous mode [ 166.582024][ T9008] debugfs: Directory 'hsr0' with parent '/' already present! [ 166.589786][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.599668][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.612460][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.621214][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.630067][ T3528] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.637267][ T3528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.677948][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.687875][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.696942][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.705714][ T9011] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.712851][ T9011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.720814][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.729528][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.743143][ T8995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.756192][ T9001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.825307][ T9006] device hsr_slave_0 entered promiscuous mode [ 166.862386][ T9006] device hsr_slave_1 entered promiscuous mode [ 166.932345][ T9006] debugfs: Directory 'hsr0' with parent '/' already present! [ 167.001027][ T9001] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.012791][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.022596][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.033164][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.041340][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.049907][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.091661][ T8995] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.100772][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.116673][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.130194][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.137346][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.145485][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.154423][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.163560][ T3022] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.170796][ T3022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.178589][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.187708][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.196422][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.231352][ T8997] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 167.243552][ T8997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.257457][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.267522][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.276695][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.286063][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.294670][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.333159][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.340846][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.355030][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.363699][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.378667][ T9003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.402017][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.411176][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.420195][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.429573][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.451718][ T8997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.474867][ T9001] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.487289][ T9001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.500477][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.514326][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.534787][ T9003] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.565136][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.573642][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.665956][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.688678][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.706489][ T9011] bridge0: port 1(bridge_slave_0) entered blocking state 14:41:49 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={r0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe35}, 0x20) [ 167.713648][ T9011] bridge0: port 1(bridge_slave_0) entered forwarding state 14:41:49 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={r0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe35}, 0x20) 14:41:49 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 167.764064][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.791045][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 14:41:49 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={r0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe35}, 0x20) [ 167.836320][ T9011] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.843488][ T9011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.862457][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 14:41:49 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x1, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00005f7ffb)='nfs4\x00', 0x0, &(0x7f000000a000)) [ 167.926013][ T9006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.961280][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 14:41:49 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 167.986581][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.022326][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.030983][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.039842][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.062178][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.077647][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 14:41:50 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x1, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00005f7ffb)='nfs4\x00', 0x0, &(0x7f000000a000)) [ 168.099850][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.113760][ T9008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.120869][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.165135][ T9003] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.186583][ T9001] 8021q: adding VLAN 0 to HW filter on device batadv0 14:41:50 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 168.215279][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.252227][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.260720][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.335267][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.362853][ T9006] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.378377][ T9008] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.389073][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.398254][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.407815][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.415052][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.424408][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.432463][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.463328][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.471501][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.480591][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.489195][ T111] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.496291][ T111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.508574][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.517589][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.526480][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.535337][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.543923][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.552903][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.561283][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.570321][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.578870][ T111] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.585986][ T111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.594471][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.603301][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.611633][ T111] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.618754][ T111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.626654][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.636590][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.644760][ T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.668868][ T9003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.699221][ T9006] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 14:41:50 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) sendmmsg$inet(r0, &(0x7f0000002540)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)='2', 0x1}], 0x1}}, {{&(0x7f0000000640)={0x2, 0x0, @empty=0xc6120000}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000680)='w', 0x1}], 0x1}}], 0x2, 0x0) [ 168.738519][ T9006] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.759762][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.783829][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.809107][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.833957][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.842915][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.851202][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.860844][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.869629][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.878512][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.887323][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.895062][ T9011] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.922885][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.933792][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.950763][ T9008] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.962941][ T9008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.973748][ T9006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.995706][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.004627][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.048622][ T9008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.120623][ T9078] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 169.290063][ T9092] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use) [ 169.377529][ T9097] ================================================================== [ 169.385779][ T9097] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 169.393079][ T9097] Write of size 8 at addr 0000000000000004 by task syz-executor.4/9097 [ 169.401312][ T9097] [ 169.403633][ T9097] CPU: 0 PID: 9097 Comm: syz-executor.4 Not tainted 5.4.0-rc5-next-20191028 #0 [ 169.412562][ T9097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.422607][ T9097] Call Trace: [ 169.425903][ T9097] dump_stack+0x172/0x1f0 [ 169.430593][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.435530][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.440461][ T9097] __kasan_report.cold+0x5/0x41 [ 169.445344][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.450414][ T9097] kasan_report+0x12/0x20 [ 169.454850][ T9097] check_memory_region+0x134/0x1a0 [ 169.459953][ T9097] __kasan_check_write+0x14/0x20 [ 169.464911][ T9097] io_wq_cancel_all+0x28/0x2a0 [ 169.469678][ T9097] io_ring_ctx_wait_and_kill+0x1e8/0x700 [ 169.475303][ T9097] io_uring_release+0x42/0x50 [ 169.480094][ T9097] __fput+0x2ff/0x890 [ 169.484079][ T9097] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 169.489871][ T9097] ____fput+0x16/0x20 [ 169.493838][ T9097] task_work_run+0x145/0x1c0 [ 169.498430][ T9097] do_exit+0x904/0x2e60 [ 169.502578][ T9097] ? mm_update_next_owner+0x640/0x640 [ 169.507936][ T9097] ? lock_downgrade+0x920/0x920 [ 169.512783][ T9097] ? _raw_spin_unlock_irq+0x23/0x80 [ 169.517983][ T9097] ? get_signal+0x392/0x24f0 [ 169.522721][ T9097] ? _raw_spin_unlock_irq+0x23/0x80 [ 169.527911][ T9097] do_group_exit+0x135/0x360 [ 169.532771][ T9097] get_signal+0x47c/0x24f0 [ 169.537181][ T9097] ? lock_downgrade+0x920/0x920 [ 169.542040][ T9097] do_signal+0x87/0x1700 [ 169.546282][ T9097] ? __kasan_check_read+0x11/0x20 [ 169.551288][ T9097] ? _copy_to_user+0x118/0x160 [ 169.556055][ T9097] ? setup_sigcontext+0x7d0/0x7d0 [ 169.561083][ T9097] ? exit_to_usermode_loop+0x43/0x380 [ 169.566440][ T9097] ? do_syscall_64+0x65f/0x760 [ 169.571718][ T9097] ? exit_to_usermode_loop+0x43/0x380 [ 169.577268][ T9097] ? lockdep_hardirqs_on+0x421/0x5e0 [ 169.582548][ T9097] ? trace_hardirqs_on+0x67/0x240 [ 169.587666][ T9097] exit_to_usermode_loop+0x286/0x380 [ 169.592937][ T9097] do_syscall_64+0x65f/0x760 [ 169.597517][ T9097] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.603406][ T9097] RIP: 0033:0x459f39 [ 169.607295][ T9097] Code: Bad RIP value. [ 169.611413][ T9097] RSP: 002b:00007f5dd8833cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 169.619893][ T9097] RAX: fffffffffffffe00 RBX: 000000000075c078 RCX: 0000000000459f39 [ 169.627861][ T9097] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c078 [ 169.635833][ T9097] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 169.643795][ T9097] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c [ 169.651964][ T9097] R13: 00007ffea50a1e0f R14: 00007f5dd88349c0 R15: 000000000075c07c [ 169.660336][ T9097] ================================================================== [ 169.668449][ T9097] Disabling lock debugging due to kernel taint [ 169.681076][ T9097] Kernel panic - not syncing: panic_on_warn set ... [ 169.687878][ T9097] CPU: 0 PID: 9097 Comm: syz-executor.4 Tainted: G B 5.4.0-rc5-next-20191028 #0 [ 169.698192][ T9097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.708232][ T9097] Call Trace: [ 169.711508][ T9097] dump_stack+0x172/0x1f0 [ 169.715823][ T9097] panic+0x2e3/0x75c [ 169.719811][ T9097] ? add_taint.cold+0x16/0x16 [ 169.724676][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.729704][ T9097] ? preempt_schedule+0x4b/0x60 [ 169.734564][ T9097] ? ___preempt_schedule+0x16/0x18 [ 169.739681][ T9097] ? trace_hardirqs_on+0x5e/0x240 [ 169.744705][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.749633][ T9097] end_report+0x47/0x4f [ 169.753788][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.758722][ T9097] __kasan_report.cold+0xe/0x41 [ 169.763555][ T9097] ? io_wq_cancel_all+0x28/0x2a0 [ 169.768479][ T9097] kasan_report+0x12/0x20 [ 169.772805][ T9097] check_memory_region+0x134/0x1a0 [ 169.777919][ T9097] __kasan_check_write+0x14/0x20 [ 169.782868][ T9097] io_wq_cancel_all+0x28/0x2a0 [ 169.787616][ T9097] io_ring_ctx_wait_and_kill+0x1e8/0x700 [ 169.793246][ T9097] io_uring_release+0x42/0x50 [ 169.797980][ T9097] __fput+0x2ff/0x890 [ 169.801985][ T9097] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 169.808510][ T9097] ____fput+0x16/0x20 [ 169.812563][ T9097] task_work_run+0x145/0x1c0 [ 169.817144][ T9097] do_exit+0x904/0x2e60 [ 169.821285][ T9097] ? mm_update_next_owner+0x640/0x640 [ 169.826643][ T9097] ? lock_downgrade+0x920/0x920 [ 169.831487][ T9097] ? _raw_spin_unlock_irq+0x23/0x80 [ 169.836796][ T9097] ? get_signal+0x392/0x24f0 [ 169.841374][ T9097] ? _raw_spin_unlock_irq+0x23/0x80 [ 169.846664][ T9097] do_group_exit+0x135/0x360 [ 169.851256][ T9097] get_signal+0x47c/0x24f0 [ 169.855682][ T9097] ? lock_downgrade+0x920/0x920 [ 169.860520][ T9097] do_signal+0x87/0x1700 [ 169.864761][ T9097] ? __kasan_check_read+0x11/0x20 [ 169.869770][ T9097] ? _copy_to_user+0x118/0x160 [ 169.874538][ T9097] ? setup_sigcontext+0x7d0/0x7d0 14:41:51 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) r2 = dup(r0) bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x2f0, 0x20000008, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000400)='./file0\x00', 0x141042, 0xc0) timer_settime(0x0, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0x1fe, 0x4) ftruncate(r3, 0x80003) socket$nl_route(0x10, 0x3, 0x0) getresgid(&(0x7f0000000180), 0x0, 0x0) r4 = socket$inet6(0xa, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f00000001c0), 0xfffffef3) setsockopt$inet6_udp_int(r5, 0x11, 0x1, 0x0, 0xfcab) r6 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) fchmod(r6, 0x14a) truncate(0x0, 0x0) getgroups(0x0, 0x0) ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) dup(r4) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8000fffffffe) recvmmsg(r1, &(0x7f0000000f00)=[{{&(0x7f0000000fc0)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/38, 0x26}, {&(0x7f0000000200)=""/230, 0xe6}, {&(0x7f0000000300)=""/251, 0xfb}, {&(0x7f00000008c0)=""/174, 0xae}], 0x4, &(0x7f0000000440)=""/226, 0xe2}, 0x2}, {{&(0x7f0000000540)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/193, 0xc1}], 0x2, &(0x7f0000000080)=""/47, 0x2f}, 0x10000}, {{&(0x7f0000000800)=@can, 0x80, &(0x7f0000000dc0), 0x0, &(0x7f0000000e40)=""/185, 0xb9}, 0x8}], 0x3, 0x20012040, 0x0) [ 169.879570][ T9097] ? exit_to_usermode_loop+0x43/0x380 [ 169.884925][ T9097] ? do_syscall_64+0x65f/0x760 [ 169.889680][ T9097] ? exit_to_usermode_loop+0x43/0x380 [ 169.895036][ T9097] ? lockdep_hardirqs_on+0x421/0x5e0 [ 169.900301][ T9097] ? trace_hardirqs_on+0x67/0x240 [ 169.905309][ T9097] exit_to_usermode_loop+0x286/0x380 [ 169.910601][ T9097] do_syscall_64+0x65f/0x760 [ 169.915311][ T9097] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.921201][ T9097] RIP: 0033:0x459f39 [ 169.925096][ T9097] Code: Bad RIP value. [ 169.929155][ T9097] RSP: 002b:00007f5dd8833cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 169.937492][ T3919] kobject: 'loop3' (0000000022120d33): kobject_uevent_env [ 169.937568][ T9097] RAX: fffffffffffffe00 RBX: 000000000075c078 RCX: 0000000000459f39 [ 169.951002][ T3919] kobject: 'loop3' (0000000022120d33): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 169.952621][ T9097] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c078 [ 169.952628][ T9097] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 169.952634][ T9097] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c [ 169.952642][ T9097] R13: 00007ffea50a1e0f R14: 00007f5dd88349c0 R15: 000000000075c07c [ 169.954421][ T9097] Kernel Offset: disabled [ 170.000697][ T9097] Rebooting in 86400 seconds..