[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.020007][ T25] audit: type=1800 audit(1570650611.337:25): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 35.047692][ T25] audit: type=1800 audit(1570650611.347:26): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 35.074916][ T25] audit: type=1800 audit(1570650611.347:27): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts. 2019/10/09 19:50:19 fuzzer started 2019/10/09 19:50:20 dialing manager at 10.128.0.105:43471 2019/10/09 19:50:20 syscalls: 2523 2019/10/09 19:50:20 code coverage: enabled 2019/10/09 19:50:20 comparison tracing: enabled 2019/10/09 19:50:20 extra coverage: extra coverage is not supported by the kernel 2019/10/09 19:50:20 setuid sandbox: enabled 2019/10/09 19:50:20 namespace sandbox: enabled 2019/10/09 19:50:20 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/09 19:50:20 fault injection: enabled 2019/10/09 19:50:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/09 19:50:20 net packet injection: enabled 2019/10/09 19:50:20 net device setup: enabled 2019/10/09 19:50:20 concurrency sanitizer: enabled 19:50:23 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) syzkaller login: [ 47.577357][ T7251] IPVS: ftp: loaded support on port[0] = 21 19:50:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) [ 47.663393][ T7251] chnl_net:caif_netlink_parms(): no params data found [ 47.709983][ T7251] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.718495][ T7251] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.727164][ T7251] device bridge_slave_0 entered promiscuous mode [ 47.735824][ T7251] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.743317][ T7251] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.751643][ T7251] device bridge_slave_1 entered promiscuous mode [ 47.778227][ T7251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.803169][ T7251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.853679][ T7251] team0: Port device team_slave_0 added [ 47.870970][ T7251] team0: Port device team_slave_1 added [ 47.943379][ T7251] device hsr_slave_0 entered promiscuous mode [ 47.980644][ T7251] device hsr_slave_1 entered promiscuous mode 19:50:24 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) close(r0) io_setup(0x3, &(0x7f00000001c0)=0x0) r2 = openat$capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r2, 0x400c4301, &(0x7f0000000000)={0x0, 0x0, 0x79c4}) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000005, 0x0, r0, 0x0}]) [ 48.058822][ T7254] IPVS: ftp: loaded support on port[0] = 21 [ 48.080933][ T7251] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.088009][ T7251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.095504][ T7251] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.102646][ T7251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.257896][ T7251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.300090][ T7251] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.321183][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.331630][ T43] bridge0: port 1(bridge_slave_0) entered disabled state 19:50:24 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0xa927, 0x2d, 0x0, 0xffffffffffffff9c}) r2 = dup(r1) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000240)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 48.352036][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.372709][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 48.423514][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.441114][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.448192][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.458156][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.466730][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.474338][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.497530][ T7260] IPVS: ftp: loaded support on port[0] = 21 [ 48.511040][ T7254] chnl_net:caif_netlink_parms(): no params data found [ 48.546601][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.556536][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.567402][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.577680][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.598572][ T7251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.621864][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.667869][ T7251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.710059][ T7254] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.718225][ T7254] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.751264][ T7254] device bridge_slave_0 entered promiscuous mode [ 48.760845][ T7254] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.767933][ T7254] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.782694][ T7254] device bridge_slave_1 entered promiscuous mode [ 48.808874][ T7264] IPVS: ftp: loaded support on port[0] = 21 19:50:25 executing program 4: r0 = memfd_create(&(0x7f00000004c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh\xcbn\xfc\xa6#\xcb)\x0f\xc8\xa93\x9cc\x10d\x05\x00\x00\x00\x00\x00\x00\x00k\xde\xc5\xe96\xddU\x05\x00\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98E\xa1\xba4\xeaU\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\x187T\xd4\x99\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x5) lseek(r0, 0x0, 0x1) [ 48.873243][ T7254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.893553][ T7254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.007004][ T7254] team0: Port device team_slave_0 added [ 49.036143][ T7260] chnl_net:caif_netlink_parms(): no params data found [ 49.080283][ T7254] team0: Port device team_slave_1 added [ 49.150414][ C0] hrtimer: interrupt took 33777 ns 19:50:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 49.215842][ T7254] device hsr_slave_0 entered promiscuous mode [ 49.280630][ T7254] device hsr_slave_1 entered promiscuous mode [ 49.322628][ T7254] debugfs: Directory 'hsr0' with parent '/' already present! [ 49.382090][ T7260] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.389169][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.411367][ T7260] device bridge_slave_0 entered promiscuous mode [ 49.427560][ T7254] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.434670][ T7254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.454974][ T7278] IPVS: ftp: loaded support on port[0] = 21 [ 49.461033][ T7260] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.468086][ T7260] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.481361][ T7260] device bridge_slave_1 entered promiscuous mode 19:50:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 49.511281][ T7264] chnl_net:caif_netlink_parms(): no params data found 19:50:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 49.577664][ T7254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.615450][ T7260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.667556][ T7264] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.708316][ T7264] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.731162][ T7264] device bridge_slave_0 entered promiscuous mode 19:50:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 49.755170][ T7260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.780130][ T7254] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.794130][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.816097][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.875000][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.894113][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.924317][ T7264] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.939536][ T7264] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.961126][ T7264] device bridge_slave_1 entered promiscuous mode 19:50:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 50.007367][ T7254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 50.018702][ T7254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.056858][ T7264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.092519][ T7260] team0: Port device team_slave_0 added [ 50.108675][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.121084][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.129649][ T3023] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.136847][ T3023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.149087][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.158108][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.170406][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.177476][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.189381][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.198836][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 19:50:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 50.211409][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.223606][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.232746][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.244671][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.253732][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.277255][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.299445][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.319330][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.329133][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.337757][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.349255][ T7264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.365711][ T7260] team0: Port device team_slave_1 added [ 50.386148][ T7286] IPVS: ftp: loaded support on port[0] = 21 [ 50.421302][ T7264] team0: Port device team_slave_0 added [ 50.428253][ T7264] team0: Port device team_slave_1 added 19:50:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 50.436033][ T7254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.493146][ T7260] device hsr_slave_0 entered promiscuous mode [ 50.530929][ T7260] device hsr_slave_1 entered promiscuous mode 19:50:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) [ 50.570482][ T7260] debugfs: Directory 'hsr0' with parent '/' already present! [ 50.683779][ T7264] device hsr_slave_0 entered promiscuous mode [ 50.710593][ T7264] device hsr_slave_1 entered promiscuous mode [ 50.751547][ T7264] debugfs: Directory 'hsr0' with parent '/' already present! [ 50.797940][ T7278] chnl_net:caif_netlink_parms(): no params data found [ 50.866014][ T7278] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.873720][ T7278] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.882226][ T7278] device bridge_slave_0 entered promiscuous mode [ 50.920366][ T7278] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.927481][ T7278] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.938831][ T7278] device bridge_slave_1 entered promiscuous mode [ 50.959511][ T7260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.979687][ T7278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.991988][ T25] kauditd_printk_skb: 3 callbacks suppressed [ 50.992011][ T25] audit: type=1800 audit(1570650627.317:31): pid=7309 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16523 res=0 [ 50.997340][ T7278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.028253][ T25] audit: type=1804 audit(1570650627.347:32): pid=7309 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir080161779/syzkaller.SbdXZi/0/file0" dev="sda1" ino=16523 res=1 [ 51.101802][ T25] audit: type=1804 audit(1570650627.427:33): pid=7311 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir080161779/syzkaller.SbdXZi/0/file0" dev="sda1" ino=16523 res=1 [ 51.102370][ T7286] chnl_net:caif_netlink_parms(): no params data found [ 51.138226][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.146249][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.157191][ T7264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.165689][ T7278] team0: Port device team_slave_0 added [ 51.185256][ T7278] team0: Port device team_slave_1 added [ 51.194186][ T7260] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.223911][ T7305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.232520][ T7305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.241556][ T7305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.250831][ T7305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.259620][ T7305] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.266772][ T7305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.275641][ T7305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.301725][ T7286] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.309032][ T7286] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.318909][ T7286] device bridge_slave_0 entered promiscuous mode [ 51.336446][ T7264] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.345736][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.355190][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.364427][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.371595][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.379649][ T3023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.389712][ T7286] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.396997][ T7286] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.405347][ T7286] device bridge_slave_1 entered promiscuous mode [ 51.453376][ T7278] device hsr_slave_0 entered promiscuous mode [ 51.491460][ T7278] device hsr_slave_1 entered promiscuous mode [ 51.530653][ T7278] debugfs: Directory 'hsr0' with parent '/' already present! [ 51.549698][ T7257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.592329][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.601706][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.611431][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.620942][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.629943][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.639006][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.647828][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.654932][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.663628][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.672709][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.681493][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.688646][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.696843][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.706029][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.718607][ T25] audit: type=1804 audit(1570650628.047:34): pid=7312 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir080161779/syzkaller.SbdXZi/0/file0" dev="sda1" ino=16523 res=1 19:50:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) [ 51.720568][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.774802][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.783972][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.793032][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.813505][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.822241][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.840855][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.849300][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.857935][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.866349][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.876832][ T7286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.888772][ T7264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 51.900753][ T7264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.906620][ T25] audit: type=1800 audit(1570650628.227:35): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16523 res=0 [ 51.919502][ T7264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.938531][ T25] audit: type=1804 audit(1570650628.257:36): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir080161779/syzkaller.SbdXZi/1/file0" dev="sda1" ino=16523 res=1 [ 51.946748][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.974941][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.984736][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.992820][ T25] audit: type=1804 audit(1570650628.317:37): pid=7320 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir080161779/syzkaller.SbdXZi/1/file0" dev="sda1" ino=16523 res=1 [ 51.994214][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.027120][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.035892][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.047125][ T7286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.074649][ T7317] ================================================================== [ 52.082793][ T7317] BUG: KCSAN: data-race in blk_mq_dispatch_rq_list / blk_mq_dispatch_rq_list [ 52.091539][ T7317] [ 52.093878][ T7317] read to 0xffff8881299d8d60 of 8 bytes by task 2506 on cpu 1: [ 52.101412][ T7317] blk_mq_dispatch_rq_list+0x4d1/0xe30 [ 52.106909][ T7317] blk_mq_do_dispatch_sched+0x11d/0x260 [ 52.112432][ T7317] blk_mq_sched_dispatch_requests+0x2b4/0x380 [ 52.118514][ T7317] __blk_mq_run_hw_queue+0xb7/0x160 [ 52.123692][ T7317] blk_mq_run_work_fn+0x57/0x70 [ 52.128521][ T7317] process_one_work+0x3d4/0x890 [ 52.133351][ T7317] worker_thread+0xa0/0x800 [ 52.137830][ T7317] kthread+0x1d4/0x200 [ 52.141944][ T7317] ret_from_fork+0x1f/0x30 [ 52.146372][ T7317] [ 52.148729][ T7317] write to 0xffff8881299d8d60 of 8 bytes by task 7317 on cpu 0: [ 52.156342][ T7317] blk_mq_dispatch_rq_list+0x4e6/0xe30 [ 52.161788][ T7317] blk_mq_do_dispatch_sched+0x11d/0x260 [ 52.167314][ T7317] blk_mq_sched_dispatch_requests+0x2b4/0x380 [ 52.173357][ T7317] __blk_mq_run_hw_queue+0xb7/0x160 [ 52.178581][ T7317] __blk_mq_delay_run_hw_queue+0x31b/0x3a0 [ 52.184367][ T7317] blk_mq_run_hw_queue+0x103/0x1c0 [ 52.189460][ T7317] blk_mq_sched_insert_requests+0x1ca/0x2e0 [ 52.195336][ T7317] blk_mq_flush_plug_list+0x572/0x6c0 [ 52.200686][ T7317] blk_flush_plug_list+0x271/0x2a0 [ 52.205777][ T7317] blk_finish_plug+0x60/0x84 [ 52.210352][ T7317] read_pages+0xbc/0x2d0 [ 52.214621][ T7317] __do_page_cache_readahead+0x353/0x390 [ 52.220236][ T7317] ondemand_readahead+0x35d/0x710 [ 52.225239][ T7317] [ 52.227542][ T7317] Reported by Kernel Concurrency Sanitizer on: [ 52.233676][ T7317] CPU: 0 PID: 7317 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 52.241118][ T7317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.251147][ T7317] ================================================================== [ 52.259207][ T7317] Kernel panic - not syncing: panic_on_warn set ... [ 52.265772][ T7317] CPU: 0 PID: 7317 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 52.273218][ T7317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.283249][ T7317] Call Trace: [ 52.286537][ T7317] dump_stack+0xf5/0x159 [ 52.290765][ T7317] panic+0x209/0x639 [ 52.294641][ T7317] ? blk_flush_plug_list+0x271/0x2a0 [ 52.299920][ T7317] ? vprintk_func+0x8d/0x140 [ 52.304489][ T7317] kcsan_report.cold+0xc/0x1b [ 52.309144][ T7317] __kcsan_setup_watchpoint+0x3ee/0x510 [ 52.314852][ T7317] __tsan_write8+0x32/0x40 [ 52.319260][ T7317] blk_mq_dispatch_rq_list+0x4e6/0xe30 [ 52.324735][ T7317] ? __tsan_read8+0x2c/0x30 [ 52.329228][ T7317] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.334842][ T7317] ? dd_dispatch_request+0x162/0x5a0 [ 52.340121][ T7317] blk_mq_do_dispatch_sched+0x11d/0x260 [ 52.345653][ T7317] blk_mq_sched_dispatch_requests+0x2b4/0x380 [ 52.351696][ T7317] ? __tsan_write4+0x32/0x40 [ 52.356266][ T7317] __blk_mq_run_hw_queue+0xb7/0x160 [ 52.361444][ T7317] __blk_mq_delay_run_hw_queue+0x31b/0x3a0 [ 52.367251][ T7317] blk_mq_run_hw_queue+0x103/0x1c0 [ 52.372343][ T7317] ? dd_merged_requests+0x250/0x250 [ 52.377520][ T7317] blk_mq_sched_insert_requests+0x1ca/0x2e0 [ 52.383393][ T7317] blk_mq_flush_plug_list+0x572/0x6c0 [ 52.388747][ T7317] blk_flush_plug_list+0x271/0x2a0 [ 52.393835][ T7317] blk_finish_plug+0x60/0x84 [ 52.398419][ T7317] ? ext4_invalidatepage+0x1e0/0x1e0 [ 52.403692][ T7317] read_pages+0xbc/0x2d0 [ 52.407927][ T7317] __do_page_cache_readahead+0x353/0x390 [ 52.413553][ T7317] ondemand_readahead+0x35d/0x710 [ 52.418567][ T7317] page_cache_sync_readahead+0x1ad/0x1e0 [ 52.424196][ T7317] generic_file_read_iter+0xeb6/0x1440 [ 52.429663][ T7317] ext4_file_read_iter+0xfa/0x240 [ 52.434676][ T7317] generic_file_splice_read+0x35c/0x500 [ 52.440220][ T7317] do_splice_to+0xf2/0x130 [ 52.444625][ T7317] ? add_to_pipe+0x1a0/0x1a0 [ 52.449195][ T7317] ? add_to_pipe+0x1a0/0x1a0 [ 52.453767][ T7317] splice_direct_to_actor+0x1a1/0x510 [ 52.459117][ T7317] ? generic_pipe_buf_nosteal+0x20/0x20 [ 52.464649][ T7317] do_splice_direct+0x161/0x1e0 [ 52.469486][ T7317] do_sendfile+0x384/0x7f0 [ 52.473887][ T7317] __x64_sys_sendfile64+0x12a/0x140 [ 52.479064][ T7317] do_syscall_64+0xcf/0x2f0 [ 52.483550][ T7317] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 52.489416][ T7317] RIP: 0033:0x459a59 [ 52.493289][ T7317] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 52.512879][ T7317] RSP: 002b:00007fb5840f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 52.521298][ T7317] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a59 [ 52.529247][ T7317] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 52.537197][ T7317] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 52.545161][ T7317] R10: 000000007fffffa7 R11: 0000000000000246 R12: 00007fb5840fa6d4 [ 52.553113][ T7317] R13: 00000000004c748b R14: 00000000004dd038 R15: 00000000ffffffff [ 52.562267][ T7317] Kernel Offset: disabled [ 52.566585][ T7317] Rebooting in 86400 seconds..