[ 55.553121][ T26] audit: type=1800 audit(1572472495.795:25): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.587613][ T26] audit: type=1800 audit(1572472495.795:26): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.624137][ T26] audit: type=1800 audit(1572472495.795:27): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 56.348750][ T8729] sshd (8729) used greatest stack depth: 22888 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.208' (ECDSA) to the list of known hosts. 2019/10/30 21:55:06 fuzzer started 2019/10/30 21:55:08 dialing manager at 10.128.0.26:32889 2019/10/30 21:55:08 syscalls: 2541 2019/10/30 21:55:08 code coverage: enabled 2019/10/30 21:55:08 comparison tracing: enabled 2019/10/30 21:55:08 extra coverage: extra coverage is not supported by the kernel 2019/10/30 21:55:08 setuid sandbox: enabled 2019/10/30 21:55:08 namespace sandbox: enabled 2019/10/30 21:55:08 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/30 21:55:08 fault injection: enabled 2019/10/30 21:55:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/30 21:55:08 net packet injection: enabled 2019/10/30 21:55:08 net device setup: enabled 2019/10/30 21:55:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 21:56:21 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) syzkaller login: [ 141.359163][ T8831] IPVS: ftp: loaded support on port[0] = 21 21:56:21 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x3080, 0x0) rmdir(&(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) [ 141.469463][ T8831] chnl_net:caif_netlink_parms(): no params data found [ 141.520416][ T8831] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.528236][ T8831] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.536240][ T8831] device bridge_slave_0 entered promiscuous mode [ 141.544888][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.552198][ T8831] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.560292][ T8831] device bridge_slave_1 entered promiscuous mode [ 141.585318][ T8831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.596224][ T8831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 141.622388][ T8831] team0: Port device team_slave_0 added [ 141.641822][ T8831] team0: Port device team_slave_1 added [ 141.654621][ T8834] IPVS: ftp: loaded support on port[0] = 21 21:56:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000000)={'TPROXY\x00'}, &(0x7f0000001080)=0x1e) [ 141.721840][ T8831] device hsr_slave_0 entered promiscuous mode [ 141.788955][ T8831] device hsr_slave_1 entered promiscuous mode [ 141.913588][ T8836] IPVS: ftp: loaded support on port[0] = 21 [ 141.945153][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.952598][ T8831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.960465][ T8831] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.967586][ T8831] bridge0: port 1(bridge_slave_0) entered forwarding state 21:56:22 executing program 3: msgget$private(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = io_uring_setup(0xa4, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2) [ 142.156249][ T8834] chnl_net:caif_netlink_parms(): no params data found [ 142.238621][ T8834] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.245812][ T8834] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.255180][ T8834] device bridge_slave_0 entered promiscuous mode [ 142.271674][ T8839] IPVS: ftp: loaded support on port[0] = 21 21:56:22 executing program 4: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x1, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) [ 142.289079][ T8831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.301327][ T8834] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.315091][ T8834] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.325749][ T8834] device bridge_slave_1 entered promiscuous mode [ 142.396523][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.413176][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.450716][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.459786][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 142.478597][ T8831] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.540687][ T3531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.552506][ T3531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.561434][ T3531] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.568550][ T3531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.578949][ T3531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 21:56:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x2, [{0x40000010}]}) [ 142.589043][ T3531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.599138][ T3531] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.606202][ T3531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.634438][ T8834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.659817][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.670806][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.680343][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.691898][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.700479][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.709560][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.718632][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.730097][ T8836] chnl_net:caif_netlink_parms(): no params data found [ 142.747413][ T8834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.760743][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.770836][ T8846] IPVS: ftp: loaded support on port[0] = 21 [ 142.778198][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.790373][ T8831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 142.803714][ T8831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.821596][ T8844] IPVS: ftp: loaded support on port[0] = 21 [ 142.845383][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.854459][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.883773][ T8834] team0: Port device team_slave_0 added [ 142.892813][ T8834] team0: Port device team_slave_1 added [ 142.913509][ T8831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.987159][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.998711][ T8836] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.007208][ T8836] device bridge_slave_0 entered promiscuous mode [ 143.070705][ T8834] device hsr_slave_0 entered promiscuous mode [ 143.128042][ T8834] device hsr_slave_1 entered promiscuous mode [ 143.157988][ T8834] debugfs: Directory 'hsr0' with parent '/' already present! [ 143.178876][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.185969][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.193870][ T8836] device bridge_slave_1 entered promiscuous mode [ 143.273461][ T8836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 21:56:23 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) [ 143.314524][ T8836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:56:23 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) [ 143.391152][ T8839] chnl_net:caif_netlink_parms(): no params data found 21:56:23 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) [ 143.479308][ T8836] team0: Port device team_slave_0 added [ 143.489314][ T8844] chnl_net:caif_netlink_parms(): no params data found [ 143.518478][ T8836] team0: Port device team_slave_1 added [ 143.650937][ T8836] device hsr_slave_0 entered promiscuous mode [ 143.708069][ T8836] device hsr_slave_1 entered promiscuous mode [ 143.747663][ T8836] debugfs: Directory 'hsr0' with parent '/' already present! [ 143.755338][ T8846] chnl_net:caif_netlink_parms(): no params data found [ 143.772109][ T8839] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.780124][ T8839] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.789150][ T8839] device bridge_slave_0 entered promiscuous mode 21:56:24 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) [ 143.802698][ T8839] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.812339][ T8839] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.820823][ T8839] device bridge_slave_1 entered promiscuous mode [ 143.900418][ T8844] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.908197][ T8844] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.916022][ T8844] device bridge_slave_0 entered promiscuous mode [ 143.924818][ T8844] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.931980][ T8844] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.942052][ T8844] device bridge_slave_1 entered promiscuous mode 21:56:24 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) [ 143.973690][ T8839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.990431][ T8839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:56:24 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe0569942f46cde7188b"}, 0x60) dup2(r0, r1) [ 144.088792][ T8846] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.096997][ T8846] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.125096][ T8846] device bridge_slave_0 entered promiscuous mode [ 144.144688][ T8844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 144.156868][ T8844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.179049][ T8846] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.186820][ T8846] bridge0: port 2(bridge_slave_1) entered disabled state 21:56:24 executing program 0: creat(&(0x7f0000000700)='./bus\x00', 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r2, 0x29, 0xcf, 0x0, 0x0) accept$inet(r2, &(0x7f0000000080), &(0x7f00000000c0)=0x10) r3 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x200004) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) r6 = socket$inet(0x2, 0x0, 0x0) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = dup3(r6, r7, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r7, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r8, 0x84, 0xe, &(0x7f000059aff8)={r9}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000140)={r9, @in6={{0xa, 0x4e22, 0x80000001, @dev={0xfe, 0x80, [], 0x28}, 0xa3b4}}, 0x8, 0x4}, &(0x7f0000000200)=0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000240)={r10, @in6={{0xa, 0x4e23, 0x9, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x6}}, 0x2, 0x401}, 0x90) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000300)=0x8) r11 = shmget$private(0x0, 0x2000, 0x2, &(0x7f00000e8000/0x2000)=nil) shmctl$SHM_INFO(r11, 0xe, &(0x7f0000000040)=""/6) [ 144.195681][ T8846] device bridge_slave_1 entered promiscuous mode [ 144.218487][ T8834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.228789][ T8839] team0: Port device team_slave_0 added [ 144.236181][ T8839] team0: Port device team_slave_1 added [ 144.315861][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.324220][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.340680][ T8844] team0: Port device team_slave_0 added [ 144.350124][ T8836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.370263][ C1] hrtimer: interrupt took 27555 ns [ 144.370311][ T8846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 144.421327][ T8839] device hsr_slave_0 entered promiscuous mode [ 144.497871][ T8839] device hsr_slave_1 entered promiscuous mode [ 144.547776][ T8839] debugfs: Directory 'hsr0' with parent '/' already present! [ 144.558494][ T8844] team0: Port device team_slave_1 added [ 144.573961][ T8846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.601895][ T8834] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.625399][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 144.637972][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.646255][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.653345][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.661246][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 144.721296][ T8844] device hsr_slave_0 entered promiscuous mode [ 144.788106][ T8844] device hsr_slave_1 entered promiscuous mode [ 144.827758][ T8844] debugfs: Directory 'hsr0' with parent '/' already present! [ 144.854010][ T8836] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.863413][ T8846] team0: Port device team_slave_0 added [ 144.873781][ T8846] team0: Port device team_slave_1 added [ 144.880325][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 144.889152][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.897456][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.904548][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.914177][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 144.923331][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.931134][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.984751][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 144.994149][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 145.002873][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.011425][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 145.020590][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.029027][ T8847] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.036069][ T8847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.044155][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 145.052219][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 145.085950][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 145.096430][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 145.105623][ T8840] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.112772][ T8840] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.121370][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 145.130475][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 145.201369][ T8846] device hsr_slave_0 entered promiscuous mode [ 145.238027][ T8846] device hsr_slave_1 entered promiscuous mode [ 145.287705][ T8846] debugfs: Directory 'hsr0' with parent '/' already present! [ 145.307829][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 145.316365][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 145.325852][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 145.334669][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.343206][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 145.351686][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.363251][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 145.371183][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 145.379747][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 145.419879][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 145.433072][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.443290][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 145.452029][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.460289][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 145.468729][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.480655][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 145.499870][ T8834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 145.546614][ T8836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.559381][ T8834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.599988][ T8844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.636827][ T8839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.675790][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 145.691550][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 145.704125][ T8844] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.719335][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 145.727314][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 145.738137][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 145.746600][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.755394][ T8847] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.762505][ T8847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.772147][ T8839] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.788848][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 145.796661][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 145.810220][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 145.819288][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.826341][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.841842][ T8846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.858888][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 145.883049][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.903471][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.910646][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.932867][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 145.942392][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 145.965228][ T8846] 8021q: adding VLAN 0 to HW filter on device team0 21:56:26 executing program 0: creat(&(0x7f0000000700)='./bus\x00', 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r2, 0x29, 0xcf, 0x0, 0x0) accept$inet(r2, &(0x7f0000000080), &(0x7f00000000c0)=0x10) r3 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x200004) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) r6 = socket$inet(0x2, 0x0, 0x0) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = dup3(r6, r7, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r7, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r8, 0x84, 0xe, &(0x7f000059aff8)={r9}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000140)={r9, @in6={{0xa, 0x4e22, 0x80000001, @dev={0xfe, 0x80, [], 0x28}, 0xa3b4}}, 0x8, 0x4}, &(0x7f0000000200)=0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000240)={r10, @in6={{0xa, 0x4e23, 0x9, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x6}}, 0x2, 0x401}, 0x90) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000300)=0x8) r11 = shmget$private(0x0, 0x2000, 0x2, &(0x7f00000e8000/0x2000)=nil) shmctl$SHM_INFO(r11, 0xe, &(0x7f0000000040)=""/6) 21:56:26 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000000)={'TPROXY\x00'}, &(0x7f0000001080)=0x1e) [ 146.005060][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.018283][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.045651][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.052827][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.067892][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 146.076848][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 146.099779][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 146.122727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.151882][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.160688][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.167848][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.176986][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 146.201598][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.210682][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.219485][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.228945][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.238571][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.246449][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 146.279785][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.289112][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.306555][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.313686][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.328401][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 146.336879][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.345593][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 146.355078][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 146.363714][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.372416][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 146.381490][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 146.396578][ T8844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 146.410855][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.420401][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.448832][ T8844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.456965][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 146.465930][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.475174][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.485211][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 146.493986][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.502463][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 146.514997][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.525819][ T8846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 146.540413][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.552860][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.561826][ T8840] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 146.582330][ T8839] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 146.593789][ T8839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 146.611208][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.620181][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.629548][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 146.637939][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.646157][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 146.654893][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.663882][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 146.685912][ T8839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.725477][ T8846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.756606][ T8931] block nbd4: shutting down sockets [ 146.782279][ T8931] block nbd4: shutting down sockets [ 146.955039][ T8947] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 147.110280][ T8950] ================================================================== [ 147.118575][ T8950] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 147.125838][ T8950] Write of size 8 at addr 0000000000000004 by task syz-executor.3/8950 [ 147.134071][ T8950] [ 147.136387][ T8950] CPU: 0 PID: 8950 Comm: syz-executor.3 Not tainted 5.4.0-rc5-next-20191030 #0 [ 147.145305][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.155424][ T8950] Call Trace: [ 147.158705][ T8950] dump_stack+0x172/0x1f0 [ 147.163015][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.167933][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.173556][ T8950] __kasan_report.cold+0x5/0x41 [ 147.178402][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.183320][ T8950] kasan_report+0x12/0x20 [ 147.187628][ T8950] check_memory_region+0x134/0x1a0 [ 147.192717][ T8950] __kasan_check_write+0x14/0x20 [ 147.197641][ T8950] io_wq_cancel_all+0x28/0x2a0 [ 147.202401][ T8950] io_uring_flush+0x35a/0x4e0 [ 147.207057][ T8950] ? exit_sem+0x9a4/0x1d89 [ 147.211457][ T8950] ? io_wake_function+0x260/0x260 [ 147.216460][ T8950] ? exit_files+0x7b/0xb0 [ 147.220773][ T8950] ? finish_wait+0x260/0x260 [ 147.225340][ T8950] ? exit_files+0x7b/0xb0 [ 147.229665][ T8950] ? io_wake_function+0x260/0x260 [ 147.234681][ T8950] filp_close+0xbd/0x170 [ 147.238904][ T8950] put_files_struct+0x1d7/0x2f0 [ 147.243733][ T8950] exit_files+0x83/0xb0 [ 147.247887][ T8950] do_exit+0x8d2/0x2e60 [ 147.252025][ T8950] ? mm_update_next_owner+0x640/0x640 [ 147.257377][ T8950] ? lock_downgrade+0x920/0x920 [ 147.262207][ T8950] ? _raw_spin_unlock_irq+0x23/0x80 [ 147.267383][ T8950] ? get_signal+0x392/0x24f0 [ 147.271979][ T8950] ? _raw_spin_unlock_irq+0x23/0x80 [ 147.277155][ T8950] do_group_exit+0x135/0x360 [ 147.281724][ T8950] get_signal+0x47c/0x24f0 [ 147.286133][ T8950] ? lock_downgrade+0x920/0x920 [ 147.290992][ T8950] do_signal+0x87/0x1700 [ 147.295230][ T8950] ? __kasan_check_read+0x11/0x20 [ 147.300242][ T8950] ? _copy_to_user+0x118/0x160 [ 147.305001][ T8950] ? setup_sigcontext+0x7d0/0x7d0 [ 147.310021][ T8950] ? exit_to_usermode_loop+0x43/0x380 [ 147.315373][ T8950] ? do_syscall_64+0x65f/0x760 [ 147.320114][ T8950] ? exit_to_usermode_loop+0x43/0x380 [ 147.325464][ T8950] ? lockdep_hardirqs_on+0x421/0x5e0 [ 147.330728][ T8950] ? trace_hardirqs_on+0x67/0x240 [ 147.335737][ T8950] exit_to_usermode_loop+0x286/0x380 [ 147.341016][ T8950] do_syscall_64+0x65f/0x760 [ 147.345587][ T8950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 147.351456][ T8950] RIP: 0033:0x459f49 [ 147.355330][ T8950] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 147.374912][ T8950] RSP: 002b:00007fc27b7a0cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 147.383300][ T8950] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f49 [ 147.391254][ T8950] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 147.399204][ T8950] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 147.407277][ T8950] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 147.415314][ T8950] R13: 00007ffe5fd0c8df R14: 00007fc27b7a19c0 R15: 000000000075bfd4 [ 147.423275][ T8950] ================================================================== [ 147.431307][ T8950] Disabling lock debugging due to kernel taint [ 147.449723][ T8950] Kernel panic - not syncing: panic_on_warn set ... [ 147.456370][ T8950] CPU: 0 PID: 8950 Comm: syz-executor.3 Tainted: G B 5.4.0-rc5-next-20191030 #0 [ 147.466669][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.477059][ T8950] Call Trace: [ 147.480419][ T8950] dump_stack+0x172/0x1f0 [ 147.484735][ T8950] panic+0x2e3/0x75c [ 147.488608][ T8950] ? add_taint.cold+0x16/0x16 [ 147.493364][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.498293][ T8950] ? preempt_schedule+0x4b/0x60 [ 147.503136][ T8950] ? ___preempt_schedule+0x16/0x18 [ 147.508233][ T8950] ? trace_hardirqs_on+0x5e/0x240 [ 147.513244][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.518164][ T8950] end_report+0x47/0x4f [ 147.522299][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.527230][ T8950] __kasan_report.cold+0xe/0x41 [ 147.532062][ T8950] ? io_wq_cancel_all+0x28/0x2a0 [ 147.536976][ T8950] kasan_report+0x12/0x20 [ 147.541283][ T8950] check_memory_region+0x134/0x1a0 [ 147.546373][ T8950] __kasan_check_write+0x14/0x20 [ 147.551289][ T8950] io_wq_cancel_all+0x28/0x2a0 [ 147.556031][ T8950] io_uring_flush+0x35a/0x4e0 [ 147.560691][ T8950] ? exit_sem+0x9a4/0x1d89 [ 147.565104][ T8950] ? io_wake_function+0x260/0x260 [ 147.570104][ T8950] ? exit_files+0x7b/0xb0 [ 147.574422][ T8950] ? finish_wait+0x260/0x260 [ 147.579009][ T8950] ? exit_files+0x7b/0xb0 [ 147.583331][ T8950] ? io_wake_function+0x260/0x260 [ 147.588348][ T8950] filp_close+0xbd/0x170 [ 147.592570][ T8950] put_files_struct+0x1d7/0x2f0 [ 147.597413][ T8950] exit_files+0x83/0xb0 [ 147.601561][ T8950] do_exit+0x8d2/0x2e60 [ 147.605715][ T8950] ? mm_update_next_owner+0x640/0x640 [ 147.611080][ T8950] ? lock_downgrade+0x920/0x920 [ 147.615925][ T8950] ? _raw_spin_unlock_irq+0x23/0x80 [ 147.621100][ T8950] ? get_signal+0x392/0x24f0 [ 147.625683][ T8950] ? _raw_spin_unlock_irq+0x23/0x80 [ 147.630859][ T8950] do_group_exit+0x135/0x360 [ 147.635426][ T8950] get_signal+0x47c/0x24f0 [ 147.639821][ T8950] ? lock_downgrade+0x920/0x920 [ 147.644656][ T8950] do_signal+0x87/0x1700 [ 147.648873][ T8950] ? __kasan_check_read+0x11/0x20 [ 147.653873][ T8950] ? _copy_to_user+0x118/0x160 [ 147.658657][ T8950] ? setup_sigcontext+0x7d0/0x7d0 [ 147.663660][ T8950] ? exit_to_usermode_loop+0x43/0x380 [ 147.669008][ T8950] ? do_syscall_64+0x65f/0x760 [ 147.673747][ T8950] ? exit_to_usermode_loop+0x43/0x380 [ 147.679104][ T8950] ? lockdep_hardirqs_on+0x421/0x5e0 [ 147.685029][ T8950] ? trace_hardirqs_on+0x67/0x240 [ 147.690069][ T8950] exit_to_usermode_loop+0x286/0x380 [ 147.695335][ T8950] do_syscall_64+0x65f/0x760 [ 147.699912][ T8950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 147.705787][ T8950] RIP: 0033:0x459f49 [ 147.709680][ T8950] Code: 68 48 8b 1b 64 48 89 1c 25 f8 ff ff ff 48 8b 63 38 52 e8 aa bb fe ff 48 c7 04 25 03 10 00 00 00 00 00 00 5a c3 cc cc cc cc cc cc cc cc cc cc cc 31 d2 e9 59 ff ff ff cc cc cc cc cc cc cc cc [ 147.729287][ T8950] RSP: 002b:00007fc27b7a0cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 147.737677][ T8950] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f49 [ 147.745625][ T8950] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 147.753573][ T8950] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 147.761524][ T8950] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 147.769486][ T8950] R13: 00007ffe5fd0c8df R14: 00007fc27b7a19c0 R15: 000000000075bfd4 [ 147.778948][ T8950] Kernel Offset: disabled [ 147.783315][ T8950] Rebooting in 86400 seconds..