[ 54.743433][ T26] audit: type=1800 audit(1573140885.996:28): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 54.991720][ T7718] sshd (7718) used greatest stack depth: 10128 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.196463][ T26] audit: type=1800 audit(1573140886.566:29): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 55.219221][ T26] audit: type=1800 audit(1573140886.566:30): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts. 2019/11/07 15:34:55 fuzzer started 2019/11/07 15:34:57 dialing manager at 10.128.0.105:38105 2019/11/07 15:34:57 syscalls: 2553 2019/11/07 15:34:57 code coverage: enabled 2019/11/07 15:34:57 comparison tracing: enabled 2019/11/07 15:34:57 extra coverage: extra coverage is not supported by the kernel 2019/11/07 15:34:57 setuid sandbox: enabled 2019/11/07 15:34:57 namespace sandbox: enabled 2019/11/07 15:34:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/07 15:34:57 fault injection: enabled 2019/11/07 15:34:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/07 15:34:57 net packet injection: enabled 2019/11/07 15:34:57 net device setup: enabled 2019/11/07 15:34:57 concurrency sanitizer: enabled 2019/11/07 15:34:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/07 15:34:59 adding functions to KCSAN blacklist: 'find_next_bit' 'pipe_poll' 'ext4_free_inode' 'ktime_get_real_seconds' '__hrtimer_run_queues' 'tcp_add_backlog' 'common_perm_cond' 'tomoyo_supervisor' 'generic_permission' 15:35:03 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) 15:35:03 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0207a600008108000000ff07000000000000000000000000000002000000000000004200000000000000018000000000000300000000000000000000000055aa", 0x40, 0x1c0}]) syzkaller login: [ 71.947043][ T7827] IPVS: ftp: loaded support on port[0] = 21 [ 72.035848][ T7827] chnl_net:caif_netlink_parms(): no params data found [ 72.103653][ T7827] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.129401][ T7827] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.137163][ T7827] device bridge_slave_0 entered promiscuous mode [ 72.144976][ T7827] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.152184][ T7827] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.160001][ T7827] device bridge_slave_1 entered promiscuous mode [ 72.173058][ T7830] IPVS: ftp: loaded support on port[0] = 21 [ 72.180501][ T7827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.191205][ T7827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.214687][ T7827] team0: Port device team_slave_0 added [ 72.223510][ T7827] team0: Port device team_slave_1 added 15:35:03 executing program 2: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, &(0x7f0000000040)) [ 72.304887][ T7827] device hsr_slave_0 entered promiscuous mode [ 72.419679][ T7827] device hsr_slave_1 entered promiscuous mode 15:35:03 executing program 3: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x80005, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab08) [ 72.551660][ T7832] IPVS: ftp: loaded support on port[0] = 21 [ 72.633933][ T7827] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.641029][ T7827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.648287][ T7827] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.655366][ T7827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.900726][ T7827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.910689][ T7830] chnl_net:caif_netlink_parms(): no params data found [ 72.956135][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.991168][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.021208][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.050094][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 73.103770][ T7827] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.132991][ T7832] chnl_net:caif_netlink_parms(): no params data found [ 73.157052][ T7859] IPVS: ftp: loaded support on port[0] = 21 [ 73.202011][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.229903][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.238212][ T45] bridge0: port 1(bridge_slave_0) entered blocking state 15:35:04 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@cswp={0x58, 0x102, 0x7, {{}, 0x0, 0x0}}], 0x58}, 0x0) [ 73.245305][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.320001][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.329098][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.390205][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.397481][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.449943][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.470160][ T7830] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.477215][ T7830] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.520136][ T7830] device bridge_slave_0 entered promiscuous mode [ 73.593235][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.610593][ T7830] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.617689][ T7830] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.650254][ T7830] device bridge_slave_1 entered promiscuous mode [ 73.668482][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.677836][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.710337][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.718844][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.760631][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.774014][ T7832] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.809371][ T7832] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.859630][ T7832] device bridge_slave_0 entered promiscuous mode [ 73.874122][ T7827] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.909417][ T7827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.961776][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.980323][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.988976][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.040948][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.061987][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.069043][ T7832] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.110161][ T7832] device bridge_slave_1 entered promiscuous mode [ 74.151340][ T7830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.181464][ T7830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.214885][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.225952][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.270911][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.284967][ T7863] IPVS: ftp: loaded support on port[0] = 21 [ 74.298042][ T7832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 15:35:05 executing program 5: socket$kcm(0x10, 0x0, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x42, 0x0, &(0x7f0000000500)="b9ff0300000d698cb89e14f008001fffffff00004000630677fbac141414e934a0a662079f4b4d2f87e5feca6aab845013f2325f1a39010108098da1924425181aa5", 0x0, 0x100}, 0x28) [ 74.361605][ T7832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.445562][ T7827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.467181][ T7830] team0: Port device team_slave_0 added [ 74.485990][ T7832] team0: Port device team_slave_0 added [ 74.500331][ T7830] team0: Port device team_slave_1 added [ 74.517093][ T7832] team0: Port device team_slave_1 added [ 74.567903][ T7874] IPVS: ftp: loaded support on port[0] = 21 [ 74.622023][ T7830] device hsr_slave_0 entered promiscuous mode [ 74.679806][ T7830] device hsr_slave_1 entered promiscuous mode [ 74.729423][ T7830] debugfs: Directory 'hsr0' with parent '/' already present! [ 74.801907][ T7832] device hsr_slave_0 entered promiscuous mode [ 74.839763][ T7832] device hsr_slave_1 entered promiscuous mode [ 74.879429][ T7832] debugfs: Directory 'hsr0' with parent '/' already present! [ 74.907569][ T7859] chnl_net:caif_netlink_parms(): no params data found [ 75.185222][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.232085][ T7859] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.279435][ T7859] device bridge_slave_0 entered promiscuous mode [ 75.397344][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.424028][ T7859] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.452521][ T7859] device bridge_slave_1 entered promiscuous mode 15:35:06 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) [ 75.509720][ T7863] chnl_net:caif_netlink_parms(): no params data found [ 75.695605][ T7832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.733163][ T7874] chnl_net:caif_netlink_parms(): no params data found [ 75.750373][ T7859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.791812][ T7830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.804631][ T7859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.920792][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.928530][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.994042][ T7830] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.021207][ T7859] team0: Port device team_slave_0 added [ 76.028166][ T7859] team0: Port device team_slave_1 added 15:35:07 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) [ 76.203728][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.240029][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.252046][ T7863] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.259195][ T7863] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.295491][ T7863] device bridge_slave_0 entered promiscuous mode [ 76.330325][ T7832] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.387349][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.396298][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.459819][ T3003] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.466874][ T3003] bridge0: port 1(bridge_slave_0) entered forwarding state 15:35:07 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) [ 76.519870][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.560387][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.634138][ T3003] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.641244][ T3003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.716428][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.767895][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.813109][ T3003] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.820198][ T3003] bridge0: port 1(bridge_slave_0) entered forwarding state 15:35:08 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) [ 76.913301][ T7863] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.929463][ T7863] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.937317][ T7863] device bridge_slave_1 entered promiscuous mode [ 77.011370][ T7874] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.018413][ T7874] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.098664][ T7874] device bridge_slave_0 entered promiscuous mode [ 77.158370][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.179984][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.226432][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.280562][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.353345][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 15:35:08 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) [ 77.420079][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.428779][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.528473][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.587842][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.661199][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.676628][ T7874] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.699454][ T7874] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.734951][ T7874] device bridge_slave_1 entered promiscuous mode [ 77.831845][ T7859] device hsr_slave_0 entered promiscuous mode 15:35:09 executing program 0: creat(&(0x7f0000000680)='./bus\x00', 0x0) creat(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000000f3, 0x0) [ 77.889949][ T7859] device hsr_slave_1 entered promiscuous mode [ 77.939387][ T7859] debugfs: Directory 'hsr0' with parent '/' already present! [ 77.954267][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.995322][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.039969][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.048510][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.055576][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.187014][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.243623][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.287011][ T7863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.329043][ T7830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 15:35:09 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = syz_open_procfs(0x0, 0x0) getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$DRM_IOCTL_AGP_ACQUIRE(r1, 0x6430) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) syz_open_dev$sndpcmp(0x0, 0xdd, 0x800) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x7f, 0x8, [0x101, 0x0, 0x7]}) write$tun(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000a01411a00ab006700075d8e9078ac141419ac1414bb07030001008913007f000001ac1414aaac1414bbe0000001830b0dac1e0001e0000078440c0093ffffffff0000ffff004e244e2204019078441eed3d2a5ebf5ef31e52e1db11604e2b49e0b787582e7466f04f38d8c4eac6399f86088daec4493c8138046b65945f91fda53bec7191c8d6483b937e78189ed652d24dfa8abeffff281ab1e190155d2db43ff0d725aebe1100"/184], 0xaf) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) connect(0xffffffffffffffff, &(0x7f0000000100)=@ax25={{0x3, @bcast}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0xfffffffffffffffa) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r5 = socket(0x10, 0x803, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a000000d7c1bb5a9d8d0da6e9cc58ac168bcece50c0e4688e27846d559c629a1140428f346a604def09bac33c5fad83878537c5ee8971781c7479baaa4f596222b1c0a584055cbc35ab7e1d35f2a6f706550000003d2c1af1fbc8c41bc2e3f91449cdbb68a4a2208c5b6653939715cb692290d4c1c605566ddca663cbee9aeb", @ANYRES32, @ANYBLOB="1400010000000000000000000000ffff7f000001"], 0x3}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000540)=[{{&(0x7f0000000400)=@xdp={0x2c, 0x8, 0x0, 0x18}, 0x80, &(0x7f0000000380)}}], 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 78.418624][ T7863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.489223][ T7830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.576142][ T7874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.610497][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.645279][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.689508][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.738715][ T7874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.767192][ T7832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.823602][ T7832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.945989][ T7987] overlayfs: conflicting lowerdir path [ 78.982473][ T7863] team0: Port device team_slave_0 added [ 79.016154][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.058092][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.083549][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.118813][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.159225][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.183840][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.217956][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.244403][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.266442][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.326534][ T7863] team0: Port device team_slave_1 added [ 79.338533][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.363812][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.397817][ T7874] team0: Port device team_slave_0 added [ 79.420846][ T7874] team0: Port device team_slave_1 added [ 79.575628][ T7863] device hsr_slave_0 entered promiscuous mode [ 79.615516][ C0] hrtimer: interrupt took 37162 ns [ 79.628421][ T8001] overlayfs: workdir and upperdir must reside under the same mount [ 79.679777][ T7863] device hsr_slave_1 entered promiscuous mode [ 79.710099][ T7863] debugfs: Directory 'hsr0' with parent '/' already present! [ 79.717600][ T7999] ldm_validate_privheads(): Disk read failed. [ 79.734278][ T7999] loop1: p1 p2 p3 [ 79.739493][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.750423][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.769537][ T7999] loop1: partition table partially beyond EOD, truncated [ 79.785430][ T7832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.810310][ T7999] loop1: p1 start 8 is beyond EOD, truncated [ 79.833962][ T7999] loop1: p2 size 2 extends beyond EOD, truncated [ 79.842851][ T7874] device hsr_slave_0 entered promiscuous mode [ 79.873898][ T7999] loop1: p3 size 32769 extends beyond EOD, truncated [ 79.879832][ T7874] device hsr_slave_1 entered promiscuous mode [ 79.929409][ T7874] debugfs: Directory 'hsr0' with parent '/' already present! [ 79.958610][ T7859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.019828][ T7999] ldm_validate_privheads(): Disk read failed. [ 80.029580][ T7999] loop1: p1 p2 p3 [ 80.033517][ T7969] ================================================================== [ 80.041619][ T7969] BUG: KCSAN: data-race in generic_fillattr / pid_update_inode [ 80.049148][ T7969] [ 80.051485][ T7969] write to 0xffff8881248c3838 of 2 bytes by task 7995 on cpu 0: [ 80.059115][ T7969] pid_update_inode+0x51/0x70 [ 80.059461][ T7999] loop1: partition table partially beyond EOD, truncated [ 80.063894][ T7969] pid_revalidate+0x91/0xd0 [ 80.063934][ T7969] lookup_fast+0x6f2/0x700 [ 80.079807][ T7969] walk_component+0x6d/0xe70 [ 80.084401][ T7969] link_path_walk.part.0+0x5d3/0xa90 [ 80.089697][ T7969] path_openat+0x14f/0x36e0 [ 80.094290][ T7969] do_filp_open+0x11e/0x1b0 [ 80.098790][ T7969] do_sys_open+0x3b3/0x4f0 [ 80.103210][ T7969] __x64_sys_open+0x55/0x70 [ 80.107720][ T7969] do_syscall_64+0xcc/0x370 [ 80.112228][ T7969] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 80.113936][ T7999] loop1: p1 start 8 is beyond EOD, truncated [ 80.118127][ T7969] [ 80.118147][ T7969] read to 0xffff8881248c3838 of 2 bytes by task 7969 on cpu 1: [ 80.118220][ T7969] generic_fillattr+0x6a/0x1e0 [ 80.138772][ T7969] pid_getattr+0x74/0x1a0 [ 80.143117][ T7969] vfs_getattr_nosec+0x12e/0x170 [ 80.148051][ T7969] vfs_getattr+0x54/0x70 [ 80.152290][ T7969] vfs_statx+0x102/0x190 [ 80.156527][ T7969] __do_sys_newstat+0x51/0xb0 [ 80.159420][ T7999] loop1: p2 size 2 extends beyond EOD, truncated [ 80.161222][ T7969] __x64_sys_newstat+0x3a/0x50 [ 80.161333][ T7969] do_syscall_64+0xcc/0x370 [ 80.176866][ T7969] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 80.182744][ T7969] [ 80.185065][ T7969] Reported by Kernel Concurrency Sanitizer on: [ 80.191226][ T7969] CPU: 1 PID: 7969 Comm: ps Not tainted 5.4.0-rc6+ #0 [ 80.197986][ T7969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.208032][ T7969] ================================================================== [ 80.216090][ T7969] Kernel panic - not syncing: panic_on_warn set ... [ 80.222686][ T7969] CPU: 1 PID: 7969 Comm: ps Not tainted 5.4.0-rc6+ #0 [ 80.229442][ T7969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.239495][ T7969] Call Trace: [ 80.242797][ T7969] dump_stack+0xf5/0x159 [ 80.247054][ T7969] panic+0x210/0x640 [ 80.250965][ T7969] ? vprintk_func+0x8d/0x140 [ 80.255565][ T7969] kcsan_report.cold+0xc/0xe [ 80.260167][ T7969] kcsan_setup_watchpoint+0x3fe/0x410 [ 80.265553][ T7969] __tsan_read2+0x145/0x1f0 [ 80.270060][ T7969] generic_fillattr+0x6a/0x1e0 [ 80.274842][ T7969] pid_getattr+0x74/0x1a0 [ 80.279175][ T7969] vfs_getattr_nosec+0x12e/0x170 [ 80.284118][ T7969] ? task_dump_owner+0x260/0x260 [ 80.289071][ T7969] vfs_getattr+0x54/0x70 [ 80.293320][ T7969] vfs_statx+0x102/0x190 [ 80.297575][ T7969] __do_sys_newstat+0x51/0xb0 [ 80.302269][ T7969] __x64_sys_newstat+0x3a/0x50 [ 80.307050][ T7969] do_syscall_64+0xcc/0x370 [ 80.311564][ T7969] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 80.317460][ T7969] RIP: 0033:0x7f3f6ffe9c65 [ 80.321884][ T7969] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16 [ 80.341490][ T7969] RSP: 002b:00007ffec7255de8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 80.349907][ T7969] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f3f6ffe9c65 [ 80.357906][ T7969] RDX: 00007f3f704b7c60 RSI: 00007f3f704b7c60 RDI: 0000000000abc220 [ 80.365880][ T7969] RBP: 0000000000020062 R08: 00007f3f7029f5a0 R09: 0000000000000000 [ 80.373868][ T7969] R10: 1999999999999999 R11: 0000000000000246 R12: 0000000000abc220 [ 80.381847][ T7969] R13: 0000000000abc1c0 R14: 0000000000000005 R15: 0000000000000000 [ 80.391154][ T7969] Kernel Offset: disabled [ 80.395473][ T7969] Rebooting in 86400 seconds..