[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   84.891175][   T27] audit: type=1800 audit(1578900890.773:25): pid=9374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   84.927543][   T27] audit: type=1800 audit(1578900890.773:26): pid=9374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   84.980201][   T27] audit: type=1800 audit(1578900890.783:27): pid=9374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.244' (ECDSA) to the list of known hosts.
2020/01/13 07:35:00 fuzzer started
2020/01/13 07:35:01 dialing manager at 10.128.0.26:34099
2020/01/13 07:35:01 syscalls: 2849
2020/01/13 07:35:01 code coverage: enabled
2020/01/13 07:35:01 comparison tracing: enabled
2020/01/13 07:35:01 extra coverage: enabled
2020/01/13 07:35:01 setuid sandbox: enabled
2020/01/13 07:35:01 namespace sandbox: enabled
2020/01/13 07:35:01 Android sandbox: /sys/fs/selinux/policy does not exist
2020/01/13 07:35:01 fault injection: enabled
2020/01/13 07:35:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/01/13 07:35:01 net packet injection: enabled
2020/01/13 07:35:01 net device setup: enabled
2020/01/13 07:35:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/01/13 07:35:01 devlink PCI setup: PCI device 0000:00:10.0 is not available
07:35:02 executing program 0:
io_setup(0x5e, &(0x7f0000000140)=<r0=>0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
io_submit(r0, 0x1, &(0x7f0000003840)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0}])

07:35:02 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x800, 0x62)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, 0x0, 0x0)
sendmsg$nl_netfilter(r2, &(0x7f00000014c0)={&(0x7f0000000340), 0xc, &(0x7f0000001480)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000080)={0x6, 0xc, 0x4, 0x1000000, 0x0, {0x77359400}, {0x1, 0x4bab74a0da21fce, 0x0, 0x0, 0x1, 0x6, "c78dd5c4"}, 0x3, 0x3, @userptr, 0x9f, 0x0, <r3=>0xffffffffffffffff})
renameat2(r1, &(0x7f0000000040)='./file0\x00', r3, 0x0, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

syzkaller login: [   96.889532][ T9541] IPVS: ftp: loaded support on port[0] = 21
[   97.029655][ T9541] chnl_net:caif_netlink_parms(): no params data found
[   97.079533][ T9541] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.087217][ T9541] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.096037][ T9541] device bridge_slave_0 entered promiscuous mode
[   97.107211][ T9541] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.115711][ T9541] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.125344][ T9541] device bridge_slave_1 entered promiscuous mode
[   97.151238][ T9541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.164002][ T9541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.193528][ T9541] team0: Port device team_slave_0 added
[   97.204151][ T9541] team0: Port device team_slave_1 added
[   97.208801][ T9545] IPVS: ftp: loaded support on port[0] = 21
07:35:03 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18)
sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={0x0, 0xefff}}, 0x0)

[   97.291393][ T9541] device hsr_slave_0 entered promiscuous mode
[   97.347546][ T9541] device hsr_slave_1 entered promiscuous mode
07:35:03 executing program 3:
open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f0000001780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r1])
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x4000)

[   97.485641][ T9547] IPVS: ftp: loaded support on port[0] = 21
[   97.603174][ T9541] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.723580][ T9541] netdevsim netdevsim0 netdevsim1: renamed from eth1
07:35:03 executing program 4:
r0 = socket(0x10, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000), 0xff6d)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = getpgid(0x0)
process_vm_readv(r2, 0x0, 0x0, &(0x7f0000002f80)=[{&(0x7f0000000c00)=""/215, 0xd7}], 0x1, 0x0)
getpgid(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x16c, 0x4)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x2ea, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
recvmsg(r1, &(0x7f0000000240)={0x0, 0xfffffffffffffd83, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x5801}], 0x1}, 0x100)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000280)=ANY=[@ANYBLOB="7261770000ac956a0000ada20078c9dfa270000000000000"], 0x0)
write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd)

[   97.816409][ T9545] chnl_net:caif_netlink_parms(): no params data found
[   97.840097][ T9541] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.909829][ T9541] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.960812][ T9550] IPVS: ftp: loaded support on port[0] = 21
[   98.028435][ T9541] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.035670][ T9541] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.043581][ T9541] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.050793][ T9541] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.067791][ T9552] IPVS: ftp: loaded support on port[0] = 21
07:35:04 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[0x300000000000000, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x6000000, 0x40030000000000]}}}, @sadb_address={0x5, 0x9, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr="f700000200"}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

[   98.088941][ T9545] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.096678][ T9545] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.106141][ T9545] device bridge_slave_0 entered promiscuous mode
[   98.125561][ T2924] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.140308][ T2924] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.167341][ T9545] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.174451][ T9545] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.198323][ T9545] device bridge_slave_1 entered promiscuous mode
[   98.307373][ T9545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.323280][ T9545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.358814][ T9545] team0: Port device team_slave_0 added
[   98.368359][ T9545] team0: Port device team_slave_1 added
[   98.382486][ T9556] IPVS: ftp: loaded support on port[0] = 21
[   98.383142][ T9550] chnl_net:caif_netlink_parms(): no params data found
[   98.401911][ T9547] chnl_net:caif_netlink_parms(): no params data found
[   98.532096][ T9545] device hsr_slave_0 entered promiscuous mode
[   98.597841][ T9545] device hsr_slave_1 entered promiscuous mode
[   98.667249][ T9545] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   98.675130][ T9545] Cannot create hsr debugfs directory
[   98.741618][ T9547] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.748937][ T9547] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.756770][ T9547] device bridge_slave_0 entered promiscuous mode
[   98.770977][ T9550] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.778907][ T9550] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.786617][ T9550] device bridge_slave_0 entered promiscuous mode
[   98.806307][ T9547] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.814476][ T9547] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.822813][ T9547] device bridge_slave_1 entered promiscuous mode
[   98.845193][ T9547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.854474][ T9550] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.862156][ T9550] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.870797][ T9550] device bridge_slave_1 entered promiscuous mode
[   98.887009][ T9541] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.908190][ T9547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.924832][ T9552] chnl_net:caif_netlink_parms(): no params data found
[   98.939525][ T9541] 8021q: adding VLAN 0 to HW filter on device team0
[   98.950302][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   98.958905][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.001290][ T9550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.015258][ T9550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.054836][ T9547] team0: Port device team_slave_0 added
[   99.063511][ T9547] team0: Port device team_slave_1 added
[   99.086258][ T9550] team0: Port device team_slave_0 added
[   99.112245][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.122724][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.131924][ T2803] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.139022][ T2803] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.156367][ T9550] team0: Port device team_slave_1 added
[   99.219051][ T9547] device hsr_slave_0 entered promiscuous mode
[   99.257446][ T9547] device hsr_slave_1 entered promiscuous mode
[   99.297216][ T9547] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.304859][ T9547] Cannot create hsr debugfs directory
[   99.311969][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.323948][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.333001][ T2804] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.340185][ T2804] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.360442][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.369327][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   99.378539][ T9556] chnl_net:caif_netlink_parms(): no params data found
[   99.427222][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   99.436026][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   99.445042][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   99.453644][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   99.462041][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   99.471344][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   99.480103][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   99.488788][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   99.497830][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   99.505870][ T9552] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.513638][ T9552] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.521670][ T9552] device bridge_slave_0 entered promiscuous mode
[   99.535313][ T9552] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.543977][ T9552] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.552094][ T9552] device bridge_slave_1 entered promiscuous mode
[   99.630152][ T9550] device hsr_slave_0 entered promiscuous mode
[   99.687620][ T9550] device hsr_slave_1 entered promiscuous mode
[   99.727221][ T9550] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.734803][ T9550] Cannot create hsr debugfs directory
[   99.772293][ T9541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   99.789189][ T9545] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   99.823531][ T9545] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   99.890755][ T9556] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.898511][ T9556] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.906207][ T9556] device bridge_slave_0 entered promiscuous mode
[   99.931992][ T9552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.941810][ T9545] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   99.979158][ T9556] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.986419][ T9556] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.995179][ T9556] device bridge_slave_1 entered promiscuous mode
[  100.018272][ T9552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.028780][ T9545] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  100.073154][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  100.080781][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  100.111406][ T9556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.129461][ T9556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.166953][ T9552] team0: Port device team_slave_0 added
[  100.183309][ T9541] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.204486][ T9552] team0: Port device team_slave_1 added
[  100.221646][ T9556] team0: Port device team_slave_0 added
[  100.249832][ T9556] team0: Port device team_slave_1 added
[  100.349141][ T9552] device hsr_slave_0 entered promiscuous mode
[  100.397576][ T9552] device hsr_slave_1 entered promiscuous mode
[  100.457276][ T9552] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  100.464910][ T9552] Cannot create hsr debugfs directory
[  100.488733][ T9550] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  100.534925][ T9550] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  100.599760][ T9550] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  100.650192][ T9550] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  100.711011][ T2924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  100.720062][ T2924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  100.728978][ T9547] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  100.780444][ T9547] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  100.891752][ T9556] device hsr_slave_0 entered promiscuous mode
[  100.947586][ T9556] device hsr_slave_1 entered promiscuous mode
[  100.987221][ T9556] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  100.994790][ T9556] Cannot create hsr debugfs directory
[  101.021204][ T9547] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  101.062533][ T9547] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  101.171764][ T9541] device veth0_vlan entered promiscuous mode
[  101.188404][ T2924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  101.196466][ T2924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.238441][ T2924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  101.246346][ T2924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  101.284536][ T9556] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  101.319511][ T9556] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  101.422837][ T9541] device veth1_vlan entered promiscuous mode
[  101.431156][ T9556] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  101.513167][ T9556] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  101.583410][ T9545] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.621997][ T9547] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.652122][ T9552] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  101.700076][ T9552] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  101.802751][ T9547] 8021q: adding VLAN 0 to HW filter on device team0
[  101.824630][ T9545] 8021q: adding VLAN 0 to HW filter on device team0
[  101.839985][ T9552] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  101.883586][ T9552] netdevsim netdevsim4 netdevsim3: renamed from eth3
07:35:07 executing program 0:
io_setup(0x5e, &(0x7f0000000140)=<r0=>0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
io_submit(r0, 0x1, &(0x7f0000003840)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0}])

[  101.939742][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.948887][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.956700][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.965114][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.973545][ T9541] ------------[ cut here ]------------
[  101.979021][ T9541] kernel BUG at fs/namei.c:684!
[  101.986814][ T9541] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  101.992901][ T9541] CPU: 1 PID: 9541 Comm: syz-executor.0 Not tainted 5.5.0-rc5-next-20200113-syzkaller #0
[  102.002695][ T9541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.012761][ T9541] RIP: 0010:unlazy_walk+0x306/0x3b0
[  102.017958][ T9541] Code: ff ff ff e8 6c 3f a1 ff e8 e7 d8 b3 ff 48 c7 c6 74 6c c1 81 48 c7 c7 00 f7 ba 89 e8 e4 97 99 ff e9 d8 fe ff ff e8 ca d8 b3 ff <0f> 0b e8 c3 d8 b3 ff 0f 0b e8 bc d8 b3 ff e8 27 86 a0 ff 31 ff 89
[  102.020804][ T9547] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  102.037556][ T9541] RSP: 0018:ffffc90002237ba0 EFLAGS: 00010293
[  102.037567][ T9541] RAX: ffff888098786480 RBX: ffffc90002237c60 RCX: ffffffff81c16a16
[  102.037573][ T9541] RDX: 0000000000000000 RSI: ffffffff81c16ca6 RDI: 0000000000000005
[  102.037581][ T9541] RBP: ffffc90002237bd0 R08: ffff888098786480 R09: ffff888098786d18
[  102.037595][ T9541] R10: fffffbfff1549b88 R11: ffffffff8aa4dc47 R12: 0000000000000009
[  102.047922][ T9547] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  102.054039][ T9541] R13: ffffc90002237c68 R14: ffff8880910d09e0 R15: 0000000000000000
[  102.079510][ T9547] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.085878][ T9541] FS:  000000000259a940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  102.119816][ T9541] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.121256][ T9547] device veth0_vlan entered promiscuous mode
[  102.126399][ T9541] CR2: 00000000025a3978 CR3: 000000007d4eb000 CR4: 00000000001406e0
[  102.138257][ T9547] device veth1_vlan entered promiscuous mode
[  102.140332][ T9541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  102.154372][ T9541] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  102.162341][ T9541] Call Trace:
[  102.165638][ T9541]  path_mountpoint.isra.0+0x1d5/0x340
[  102.171013][ T9541]  ? find_held_lock+0x35/0x130
[  102.175782][ T9541]  filename_mountpoint+0x181/0x380
[  102.180895][ T9541]  ? filename_parentat.isra.0+0x400/0x400
[  102.186619][ T9541]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  102.192782][ T9541]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  102.198509][ T9541]  ? strncpy_from_user+0x2b4/0x400
[  102.203622][ T9541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.206927][ T9552] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.209900][ T9541]  ? getname_flags+0x277/0x5b0
[  102.209915][ T9541]  user_path_mountpoint_at+0x3a/0x50
[  102.209932][ T9541]  ksys_umount+0x164/0xef0
[  102.225851][ T9552] 8021q: adding VLAN 0 to HW filter on device team0
[  102.226528][ T9541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.243732][ T9541]  ? __detach_mounts+0x290/0x290
[  102.248674][ T9541]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  102.254144][ T9541]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  102.255810][ T9552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  102.259600][ T9541]  ? do_syscall_64+0x26/0x790
[  102.259614][ T9541]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.259633][ T9541]  ? do_syscall_64+0x26/0x790
[  102.269968][ T9552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  102.274612][ T9541]  ? lockdep_hardirqs_on+0x421/0x5e0
[  102.297782][ T9552] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.300883][ T9541]  __x64_sys_umount+0x54/0x80
[  102.312448][ T9541]  do_syscall_64+0xfa/0x790
[  102.316961][ T9541]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.322849][ T9541] RIP: 0033:0x45d977
[  102.326750][ T9541] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  102.346468][ T9541] RSP: 002b:00007ffc726ba098 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  102.354881][ T9541] RAX: ffffffffffffffda RBX: 0000000000018dc7 RCX: 000000000045d977
[  102.362854][ T9541] RDX: 0000000000403720 RSI: 0000000000000002 RDI: 00007ffc726ba140
[  102.369808][ T9552] device veth0_vlan entered promiscuous mode
[  102.370829][ T9541] RBP: 0000000000000002 R08: 0000000000000000 R09: 000000000000000e
[  102.383007][ T9552] device veth1_vlan entered promiscuous mode
[  102.384784][ T9541] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffc726bb1d0
[  102.398706][ T9541] R13: 000000000259b940 R14: 0000000000000000 R15: 00007ffc726bb1d0
[  102.405229][ T9550] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.406676][ T9541] Modules linked in:
[  102.419659][ T9541] ---[ end trace 88462d4116616c0b ]---
[  102.420332][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  102.425163][ T9541] RIP: 0010:unlazy_walk+0x306/0x3b0
[  102.438400][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  102.438421][ T9541] Code: ff ff ff e8 6c 3f a1 ff e8 e7 d8 b3 ff 48 c7 c6 74 6c c1 81 48 c7 c7 00 f7 ba 89 e8 e4 97 99 ff e9 d8 fe ff ff e8 ca d8 b3 ff <0f> 0b e8 c3 d8 b3 ff 0f 0b e8 bc d8 b3 ff e8 27 86 a0 ff 31 ff 89
[  102.446329][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  102.468829][ T9541] RSP: 0018:ffffc90002237ba0 EFLAGS: 00010293
[  102.474840][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  102.480588][ T9541] RAX: ffff888098786480 RBX: ffffc90002237c60 RCX: ffffffff81c16a16
[  102.480596][ T9541] RDX: 0000000000000000 RSI: ffffffff81c16ca6 RDI: 0000000000000005
[  102.480604][ T9541] RBP: ffffc90002237bd0 R08: ffff888098786480 R09: ffff888098786d18
[  102.480611][ T9541] R10: fffffbfff1549b88 R11: ffffffff8aa4dc47 R12: 0000000000000009
[  102.480619][ T9541] R13: ffffc90002237c68 R14: ffff8880910d09e0 R15: 0000000000000000
[  102.499657][ T2802] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.504870][ T9541] FS:  000000000259a940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  102.512640][ T2802] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.521169][ T9541] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.529591][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  102.538911][ T9541] CR2: 00000000025a3978 CR3: 000000007d4eb000 CR4: 00000000001406e0
[  102.545097][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  102.552119][ T9541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  102.561109][ T2802] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.566649][ T9541] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  102.574449][ T2802] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.575116][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  102.585031][ T9541] Kernel panic - not syncing: Fatal exception
[  102.591399][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  102.599046][ T9541] Kernel Offset: disabled
[  102.640263][ T9541] Rebooting in 86400 seconds..