[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   58.725273][   T26] audit: type=1800 audit(1572960057.291:25): pid=8803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   58.766202][   T26] audit: type=1800 audit(1572960057.291:26): pid=8803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   58.826367][   T26] audit: type=1800 audit(1572960057.291:27): pid=8803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.22' (ECDSA) to the list of known hosts.
2019/11/05 13:21:08 fuzzer started
2019/11/05 13:21:09 dialing manager at 10.128.0.26:40175
2019/11/05 13:21:09 syscalls: 2566
2019/11/05 13:21:09 code coverage: enabled
2019/11/05 13:21:09 comparison tracing: enabled
2019/11/05 13:21:09 extra coverage: enabled
2019/11/05 13:21:09 setuid sandbox: enabled
2019/11/05 13:21:09 namespace sandbox: enabled
2019/11/05 13:21:09 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/05 13:21:09 fault injection: enabled
2019/11/05 13:21:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/05 13:21:09 net packet injection: enabled
2019/11/05 13:21:09 net device setup: enabled
2019/11/05 13:21:09 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/05 13:21:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
13:22:47 executing program 0:
ioprio_set$pid(0x2, 0x0, 0x7e39)

13:22:47 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x2)
close(r1)

syzkaller login: [  168.724956][ T8969] IPVS: ftp: loaded support on port[0] = 21
[  168.922604][ T8969] chnl_net:caif_netlink_parms(): no params data found
[  168.934184][ T8972] IPVS: ftp: loaded support on port[0] = 21
13:22:47 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2e26ff56", 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, r2, 0x0, 0x10000000000443)
poll(&(0x7f0000000040)=[{r1}], 0x1, 0x0)

[  169.026888][ T8969] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.046305][ T8969] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.055785][ T8969] device bridge_slave_0 entered promiscuous mode
[  169.083123][ T8969] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.097162][ T8969] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.117177][ T8969] device bridge_slave_1 entered promiscuous mode
[  169.173665][ T8974] IPVS: ftp: loaded support on port[0] = 21
[  169.181845][ T8969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  169.229190][ T8969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  169.283228][ T8972] chnl_net:caif_netlink_parms(): no params data found
13:22:47 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
write(r3, &(0x7f0000000480)="b0a3cdef47f59ec515de0fcb5dfc761cf7120c4312b2054efdc0cf574f65329a05d03a24674b1d94d072b4bd702c576dc1d6e4fef97bdd899d359dadcfe32ba24fb1e152533e4df2c20324dda85d95c102000000d81d2b9bea7f9e468b3da19d62e9913b2f7cd488de25886811470818af91afd3bce1422670d6f2d054d8b16374e3617a22b1c70e7e3104b814e24e6e7b62256ae8faaae5f59f840c029418a34c", 0xffffff47)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xdf}, 0x0)
mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00')
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000240))
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000900)={{{@in6=@initdev, @in=@empty}}, {{@in=@loopback}, 0x0, @in=@empty}}, 0x0)
mount$fuseblk(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
truncate(&(0x7f0000000100)='./file0\x00', 0x0)
unlink(&(0x7f0000000040)='./file0\x00')
open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0)

[  169.332739][ T8969] team0: Port device team_slave_0 added
[  169.364710][ T8969] team0: Port device team_slave_1 added
[  169.441620][ T8972] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.451000][ T8972] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.463030][ T8972] device bridge_slave_0 entered promiscuous mode
[  169.482464][ T8972] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.490700][ T8972] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.499897][ T8972] device bridge_slave_1 entered promiscuous mode
13:22:48 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x20013ffc)

[  169.609789][ T8969] device hsr_slave_0 entered promiscuous mode
[  169.738921][ T8969] device hsr_slave_1 entered promiscuous mode
[  169.783953][ T8972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  169.799111][ T8972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  169.801762][ T8977] IPVS: ftp: loaded support on port[0] = 21
13:22:48 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ppoll(&(0x7f0000000040)=[{r2}, {r3}, {r5}], 0x3, &(0x7f0000000240), 0x0, 0x0)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0x88001)
write$P9_RXATTRCREATE(r6, &(0x7f0000000040)={0x3ba}, 0x7)
r7 = socket(0x11, 0x3, 0x0)
setsockopt$packet_buf(r7, 0x107, 0xf, &(0x7f0000000000)="1f06bfb8", 0x4)
bind(r7, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r8 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000140)=0x102, 0x4)
r9 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r9, 0x0)
read(r9, &(0x7f0000000180)=""/19, 0xfffffe47)
sendfile(r7, r8, 0x0, 0x4e68d5f8)

[  169.859066][ T8980] IPVS: ftp: loaded support on port[0] = 21
[  169.916079][ T8972] team0: Port device team_slave_0 added
[  169.969242][ T8972] team0: Port device team_slave_1 added
[  170.014621][ T8974] chnl_net:caif_netlink_parms(): no params data found
[  170.119619][ T8972] device hsr_slave_0 entered promiscuous mode
[  170.156661][ T8972] device hsr_slave_1 entered promiscuous mode
[  170.198324][ T8972] debugfs: Directory 'hsr0' with parent '/' already present!
[  170.231258][ T8974] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.240897][ T8983] IPVS: ftp: loaded support on port[0] = 21
[  170.242194][ T8974] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.255407][ T8974] device bridge_slave_0 entered promiscuous mode
[  170.263696][ T8974] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.271026][ T8974] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.278763][ T8974] device bridge_slave_1 entered promiscuous mode
[  170.314908][ T8974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.355848][ T8974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.384726][ T8974] team0: Port device team_slave_0 added
[  170.410201][ T8974] team0: Port device team_slave_1 added
[  170.420697][ T8977] chnl_net:caif_netlink_parms(): no params data found
[  170.539402][ T8974] device hsr_slave_0 entered promiscuous mode
[  170.576825][ T8974] device hsr_slave_1 entered promiscuous mode
[  170.616277][ T8974] debugfs: Directory 'hsr0' with parent '/' already present!
[  170.689353][ T8980] chnl_net:caif_netlink_parms(): no params data found
[  170.709054][ T8977] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.716957][ T8977] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.724750][ T8977] device bridge_slave_0 entered promiscuous mode
[  170.734266][ T8977] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.742119][ T8977] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.750165][ T8977] device bridge_slave_1 entered promiscuous mode
[  170.822496][ T8977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.845997][ T8977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.858534][ T8983] chnl_net:caif_netlink_parms(): no params data found
[  170.867931][ T8980] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.875083][ T8980] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.883110][ T8980] device bridge_slave_0 entered promiscuous mode
[  170.913358][ T8980] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.921659][ T8980] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.932517][ T8980] device bridge_slave_1 entered promiscuous mode
[  170.942535][ T8977] team0: Port device team_slave_0 added
[  170.969511][ T8977] team0: Port device team_slave_1 added
[  170.991478][ T8980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.004502][ T8980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.019313][ T8983] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.026591][ T8983] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.034262][ T8983] device bridge_slave_0 entered promiscuous mode
[  171.061807][ T8983] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.069992][ T8983] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.078588][ T8983] device bridge_slave_1 entered promiscuous mode
[  171.094285][ T8980] team0: Port device team_slave_0 added
[  171.159219][ T8977] device hsr_slave_0 entered promiscuous mode
[  171.216688][ T8977] device hsr_slave_1 entered promiscuous mode
[  171.237162][ T8969] netdevsim: probe of netdevsim0 failed with error -17
[  171.256283][ T8977] debugfs: Directory 'hsr0' with parent '/' already present!
[  171.265571][ T8980] team0: Port device team_slave_1 added
[  171.292570][ T8983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.303939][ T8983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.355217][ T8983] team0: Port device team_slave_0 added
[  171.409555][ T8980] device hsr_slave_0 entered promiscuous mode
[  171.446722][ T8980] device hsr_slave_1 entered promiscuous mode
[  171.516301][ T8980] debugfs: Directory 'hsr0' with parent '/' already present!
[  171.528099][ T8983] team0: Port device team_slave_1 added
[  171.619839][ T8983] device hsr_slave_0 entered promiscuous mode
[  171.637149][ T8972] netdevsim: probe of netdevsim1 failed with error -17
[  171.676833][ T8983] device hsr_slave_1 entered promiscuous mode
[  171.726322][ T8983] debugfs: Directory 'hsr0' with parent '/' already present!
[  171.801768][ T8969] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.844398][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  171.858593][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  171.871753][ T8969] 8021q: adding VLAN 0 to HW filter on device team0
[  171.893308][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  171.902527][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  171.911875][ T8991] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.919197][ T8991] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.929943][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  171.942552][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  171.951227][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  171.960537][ T8991] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.967752][ T8991] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.988123][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  171.997251][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  172.005858][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.020499][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  172.043812][ T8969] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  172.054558][ T8969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  172.071847][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.080804][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  172.097058][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.105526][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  172.107914][ T8974] netdevsim: probe of netdevsim2 failed with error -17
[  172.116640][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  172.129386][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  172.138388][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.154103][ T8972] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.174405][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  172.206490][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  172.213918][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  172.228697][ T8972] 8021q: adding VLAN 0 to HW filter on device team0
[  172.242279][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  172.250078][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  172.274795][ T8969] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.287785][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  172.300259][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  172.309340][ T3101] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.316452][ T3101] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.324356][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  172.333404][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  172.342075][ T3101] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.349208][ T3101] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.356826][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  172.382991][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  172.392152][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  172.422218][ T8972] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  172.433490][ T8972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  172.455221][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.464499][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  172.475135][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  172.484912][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.494251][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  172.503132][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  172.512456][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  172.521047][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.530337][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.538590][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  172.593222][ T8974] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.606645][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  172.614116][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
13:22:51 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x16, 0xa01, 0x0, 0x0, {0xbb0a}}, 0x14}}, 0x0)

[  172.643192][ T8972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.683826][ T8974] 8021q: adding VLAN 0 to HW filter on device team0
[  172.697962][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  172.709610][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
13:22:51 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x0, 0x0, 0xffffffffffffff95)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x44c50b86, @ipv4={[], [], @multicast2}}, 0xfffffffffffffee5)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  172.752249][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  172.764289][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  172.774377][ T8985] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.781483][ T8985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.790604][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  172.800430][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  172.810927][ T8985] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.818047][ T8985] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.837030][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  172.858902][ T9008] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  172.862781][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  172.884717][ T8977] netdevsim: probe of netdevsim3 failed with error -17
[  172.901319][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  172.914176][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.923933][ T8980] netdevsim: probe of netdevsim4 failed with error -17
[  172.933078][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  172.944459][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  172.954084][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.979735][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.988086][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  173.001139][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  173.011969][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  173.021093][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
13:22:51 executing program 0:
creat(&(0x7f0000000700)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
r1 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r2)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

[  173.117237][ T8983] netdevsim: probe of netdevsim5 failed with error -17
[  173.125189][ T8974] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.164960][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  173.175420][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
13:22:51 executing program 0:
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14, 0x0, 0xb, 0x1}, 0x14}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffd7)
splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0)

[  173.293565][ T8977] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.340729][ T8977] 8021q: adding VLAN 0 to HW filter on device team0
13:22:51 executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = socket(0xa, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

[  173.407347][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  173.416744][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  173.429092][ T8980] 8021q: adding VLAN 0 to HW filter on device bond0
13:22:52 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x2)
close(r1)

[  173.497462][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  173.523477][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  173.554609][ T9035] kasan: CONFIG_KASAN_INLINE enabled
[  173.565548][ T8985] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.566211][ T9035] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  173.572742][ T8985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.587577][ T9035] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  173.594915][ T9035] CPU: 0 PID: 9035 Comm: syz-executor.2 Not tainted 5.4.0-rc6-next-20191105 #0
[  173.603850][ T9035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  173.613922][ T9035] RIP: 0010:pagemap_pmd_range+0x83/0x1e40
[  173.615626][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  173.619636][ T9035] Code: c1 ea 03 80 3c 02 00 0f 85 ef 1a 00 00 48 8b 43 18 49 8d 7f 40 48 89 fa 48 c1 ea 03 48 89 45 c8 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 be 1a 00 00 49 8b 5f 40 be 08 00 00 00 4c 8d ab
[  173.619643][ T9035] RSP: 0018:ffff888061127288 EFLAGS: 00010202
[  173.619654][ T9035] RAX: dffffc0000000000 RBX: ffff888061127438 RCX: ffffc9000a367000
[  173.619662][ T9035] RDX: 0000000000000008 RSI: ffffffff81dd1b94 RDI: 0000000000000040
[  173.619670][ T9035] RBP: ffff888061127300 R08: ffff888060934040 R09: ffffed1013d1d5e5
[  173.619677][ T9035] R10: ffffed1013d1d5e4 R11: ffff88809e8eaf23 R12: ffff88808f0c8010
[  173.619691][ T9035] R13: 0000000000600000 R14: 00000000005fffff R15: 0000000000000000
[  173.628466][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  173.647329][ T9035] FS:  00007f825d362700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  173.647336][ T9035] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  173.647342][ T9035] CR2: 00000000004d55f0 CR3: 00000000a8729000 CR4: 00000000001406f0
[  173.647351][ T9035] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  173.647357][ T9035] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  173.647361][ T9035] Call Trace:
[  173.647387][ T9035]  ? smaps_pte_range+0x1460/0x1460
[  173.647406][ T9035]  __walk_page_range+0x10ff/0x1b40
[  173.654570][ T8985] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.661414][ T9035]  walk_page_range+0x1c5/0x3b0
[  173.661432][ T9035]  ? __walk_page_range+0x1b40/0x1b40
[  173.669419][ T8985] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.677341][ T9035]  ? security_capable+0x95/0xc0
[  173.677361][ T9035]  pagemap_read+0x4d1/0x650
[  173.687366][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  173.693266][ T9035]  ? smaps_rollup_open+0x160/0x160
[  173.693286][ T9035]  do_iter_read+0x4a4/0x660
[  173.731198][ T8980] 8021q: adding VLAN 0 to HW filter on device team0
[  173.732635][ T9035]  ? dup_iter+0x260/0x260
[  173.747319][ T4002] kobject: 'loop0' (000000004d99e4a1): kobject_uevent_env
[  173.748969][ T9035]  vfs_readv+0xf0/0x160
[  173.754097][ T4002] kobject: 'loop0' (000000004d99e4a1): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  173.761056][ T9035]  ? alloc_pages_current+0x10f/0x210
[  173.761069][ T9035]  ? compat_rw_copy_check_uvector+0x4c0/0x4c0
[  173.761082][ T9035]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  173.761096][ T9035]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  173.761117][ T9035]  ? iov_iter_get_pages_alloc+0x3ae/0x12f0
[  173.788250][ T8980] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  173.795017][ T9035]  ? memcpy_mcsafe_to_page+0x150/0x150
[  173.800122][ T8980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  173.804570][ T9035]  ? aa_file_perm+0x40b/0xdd0
[  173.823044][ T8980] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.826686][ T9035]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  173.826699][ T9035]  ? iov_iter_pipe+0xba/0x2f0
[  173.826719][ T9035]  default_file_splice_read+0x482/0x8a0
[  173.836983][ T8980] kobject: 'vlan0' (000000001027275c): kobject_add_internal: parent: 'mesh', set: '<NULL>'
[  173.842182][ T9035]  ? rcu_read_lock_held+0x9c/0xb0
[  173.894737][ T8977] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  173.897179][ T9035]  ? iter_file_splice_write+0xbe0/0xbe0
[  173.897203][ T9035]  ? rcu_read_lock_any_held.part.0+0x50/0x50
13:22:52 executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = socket(0xa, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

[  173.903943][ T8977] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  173.909636][ T9035]  ? aa_path_link+0x340/0x340
[  173.909651][ T9035]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  173.909678][ T9035]  ? security_file_permission+0x8f/0x380
[  173.925595][ T8977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.929823][ T9035]  ? __mutex_init+0xef/0x130
[  173.929842][ T9035]  ? iter_file_splice_write+0xbe0/0xbe0
13:22:52 executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = socket(0xa, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

[  173.934902][ T8977] kobject: 'vlan0' (0000000087c90a67): kobject_add_internal: parent: 'mesh', set: '<NULL>'
[  173.945155][ T9035]  do_splice_to+0x127/0x180
[  173.945168][ T9035]  splice_direct_to_actor+0x2d3/0x970
[  173.945180][ T9035]  ? generic_pipe_buf_nosteal+0x10/0x10
[  173.945198][ T9035]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  174.031930][ T9035]  ? do_splice_to+0x180/0x180
[  174.036634][ T9035]  ? rw_verify_area+0x126/0x360
[  174.041512][ T9035]  do_splice_direct+0x1da/0x2a0
[  174.046373][ T9035]  ? splice_direct_to_actor+0x970/0x970
[  174.051925][ T9035]  ? rw_verify_area+0x126/0x360
[  174.056818][ T9035]  do_sendfile+0x597/0xd00
[  174.061244][ T9035]  ? do_compat_pwritev64+0x1c0/0x1c0
[  174.066533][ T9035]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  174.072783][ T9035]  ? put_timespec64+0xda/0x140
[  174.075256][ T4002] kobject: 'loop0' (000000004d99e4a1): kobject_uevent_env
[  174.077549][ T9035]  __x64_sys_sendfile64+0x1dd/0x220
[  174.077561][ T9035]  ? __ia32_sys_sendfile+0x230/0x230
[  174.077578][ T9035]  ? do_syscall_64+0x26/0x760
[  174.084694][ T4002] kobject: 'loop0' (000000004d99e4a1): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  174.089842][ T9035]  ? lockdep_hardirqs_on+0x421/0x5e0
[  174.089855][ T9035]  ? trace_hardirqs_on+0x67/0x240
[  174.089869][ T9035]  do_syscall_64+0xfa/0x760
[  174.089883][ T9035]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  174.089899][ T9035] RIP: 0033:0x45a219
[  174.134663][ T9035] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  174.154245][ T9035] RSP: 002b:00007f825d361c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  174.162629][ T9035] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
[  174.170571][ T9035] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  174.178525][ T9035] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  174.186470][ T9035] R10: 0010000000000443 R11: 0000000000000246 R12: 00007f825d3626d4
[  174.194426][ T9035] R13: 00000000004c7f94 R14: 00000000004de3b0 R15: 00000000ffffffff
[  174.202375][ T9035] Modules linked in:
[  174.211347][ T8983] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.216360][ T9035] ---[ end trace 2ca0d6acc7ba1967 ]---
[  174.223428][ T9035] RIP: 0010:pagemap_pmd_range+0x83/0x1e40
[  174.229377][ T9035] Code: c1 ea 03 80 3c 02 00 0f 85 ef 1a 00 00 48 8b 43 18 49 8d 7f 40 48 89 fa 48 c1 ea 03 48 89 45 c8 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 be 1a 00 00 49 8b 5f 40 be 08 00 00 00 4c 8d ab
[  174.238401][ T8990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  174.249511][ T9035] RSP: 0018:ffff888061127288 EFLAGS: 00010202
[  174.262469][ T9035] RAX: dffffc0000000000 RBX: ffff888061127438 RCX: ffffc9000a367000
[  174.262956][ T8990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  174.271106][ T9035] RDX: 0000000000000008 RSI: ffffffff81dd1b94 RDI: 0000000000000040
[  174.285881][ T9035] RBP: ffff888061127300 R08: ffff888060934040 R09: ffffed1013d1d5e5
[  174.287351][ T9055] kobject: '(null)' (0000000074e5c6e6): kobject_cleanup, parent 00000000e2710d9f
[  174.294362][ T9035] R10: ffffed1013d1d5e4 R11: ffff88809e8eaf23 R12: ffff88808f0c8010
[  174.306541][ T8990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  174.311148][ T9055] kobject: '(null)' (0000000074e5c6e6): calling ktype release
[  174.322583][ T8990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  174.327026][ T9035] R13: 0000000000600000 R14: 00000000005fffff R15: 0000000000000000
[  174.327036][ T9035] FS:  00007f825d362700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  174.327044][ T9035] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  174.327050][ T9035] CR2: 00000000004d55f0 CR3: 00000000a8729000 CR4: 00000000001406f0
[  174.327061][ T9035] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  174.327068][ T9035] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  174.327081][ T9035] Kernel panic - not syncing: Fatal exception
[  174.336424][ T9035] Kernel Offset: disabled
[  174.394015][ T9035] Rebooting in 86400 seconds..